DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to Application No. 17/188,526, filed on 03/01/2021.
Claims 1-20 have been examined and are pending in this application. 
Priority
Acknowledgment is made of Applicant’s claim for priority under 35 U.S.C. 119 (e) to Provisional Application No.: 16/312,797, filed on 03/24/2016, and Applicant’s claim for priority under 35 U.S.C. 120 to parent Application No. 15/468,942, filed on 03/24/2017 and to parent Application No. 16/434,969, filed on 06/07/2019.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 03/01/2021, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Double Patenting
 	A rejection based on double patenting of the “same invention” type finds its support in the language of 35 U.S.C. 101 which states that “whoever invents or discovers any new and useful process... may obtain a patent therefor...” (Emphasis added). Thus, the term “same invention,” in this context, means an invention drawn to identical subject matter. See Miller v. Eagle Mfg. Co., 151 U.S. 186 (1894); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Ockert, 245 F.2d 467, 114 USPQ 330 (CCPA 1957).
 	A statutory type (35 U.S.C. 101) double patenting rejection can be overcome by canceling or amending the claims that are directed to the same invention so they are no longer coextensive in scope. The filing of a terminal disclaimer cannot overcome a double patenting rejection based upon 35 U.S.C. 101.
 	Regarding claims 1-2, and 4-8, Claims 1-2 and 4-8 are rejected under 35 U.S.C. 101 as claiming the same invention as that of claims 1-2 and 4-8 of prior U.S. Patent No. 10,938,842. This is a statutory double patenting rejection.
Double Patenting
          The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A non-statutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and  In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a non-statutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
          Claims 3 and 9-19 are rejected on the ground of non-statutory double patenting as being unpatentable over claims 3, 9, and 11-20 of U.S. Patent No. 10,938,842. Although the claims at issue are not identical, they are not patentably distinct from each other because claim(s) 3 and 9-19 are similar in scope to claim(s) 3, 9, and 11-20 in U.S. Patent No. 10,938,842.  If the claims in Application No. 17/188,526 are allowed, it could improperly extend the “right to exclude” for the same invention in two different Patents.
Claims 3 and 9-19 are directed to a method, a system, and a computer-readable storage device; said method, system, and computer-readable storage device are associated with the method, system, and computer-readable storage device claimed in claim(s) 3, 9, and 11-20 of U.S. Patent No. 10,938,842.  
The subject matter claimed in the instant application is fully disclosed in U.S. Patent No. 10,938,842 and is covered by U.S. Patent No. 10,938,842 since U.S. Patent No. 10,938,842 and the instant application are claiming common subject matter. 
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 

Claim 3 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.
Regarding claim 3, claim 3 recites the limitation “wherein first occurrences occurs”.  The claim previously introduces the elements of “a first occurrence” and as a result, lacks proper antecedent basis. For example, if two different levers are recited earlier in the claim, the recitation of "said lever" in the same or subsequent claim would be unclear where it is uncertain which of the two levers was intended. (MPEP 2173.05(e) [R-07.2015]) Appropriate correction to “wherein first occurrences occurs” is required to ensure proper claim interpretation.
Examiner’s Statement of Reasons for Allowance
Regarding Claims 1-2, and 4-19, Claims 1-2 and 4-19 are allowed.
Regarding Claim 3, Claim 3 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), 2nd paragraph, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.

The following is an Examiner’s statement of reasons for allowance:
The closest prior art, as previously recited, is Ferragut et al. (US 2015/0106927; Hereinafter “Ferragut”) in view of Coates et al. (US 2013/0318604; Hereinafter “Coates”) and further in view of Pearcy et al. (US 2013/0097662; Hereinafter “Pearcy”). However, none of Ferragut, Coates, and Pearcy teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims 1, 10, and 19. For example, none of the cited prior art teaches or suggests the steps of “monitoring a plurality of occurrences in a computer system, wherein the occurrences include (1) one or more file creation or registration occurrences including a first occurrence whereby a first process creates or registers a particular file, and (2) one or more process instantiation occurrences including a second occurrence whereby the computer system instantiates a second process from the particular file and starts the second process as a service, wherein monitoring each of the file creation or registration occurrences includes generating first relevance data indicating a relevance of (i) a respective file associated with the respective file creation or registration occurrence to (ii) a respective process that creates or registers the respective file, and wherein monitoring each of the process instantiation occurrences includes generating second relevance data indicating a relevance of (i) a respective process associated with the respective process instantiation occurrence to (ii) a file from which the respective process is instantiated; identifying the second process as being associated with the security incident; determining, based on adjacency data comprising the first relevance data and the second relevance data, that at least a subset of the occurrences are relevant to the second process, wherein the subset includes the first and second occurrences; estimating a respective utility of investigating each occurrence in the subset; selecting two or more occurrences from the subset based, at least in part, on the estimated utilities, the selected occurrences including the first and second occurrences; and guiding the response to the security incident by presenting, to a user, data corresponding to the selected occurrences.” As a result, the claims are allowable over the cited prior art.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Nelson Giddins whose telephone number is (571)272-7993.  The examiner can normally be reached on Monday - Friday, 9:00 AM - 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached at (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/NELSON S. GIDDINS/            Primary Examiner, Art Unit 2437