DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2.
Continued Examination Under 37 CFR 1.114
	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 05/19/2022 has been entered.

3.
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for this examiner’s amendment was given over the phone on 06/08/2022 from Mark L. Berrier, Reg. No. 35,066.


4.
Terminal Disclaimer
The terminal disclaimer, filed on 05/19/2022 for later Application No. 16/746,521 has been approved.

	
5.
Examiner’s Amendments:

1. (Currently Amended) A method, comprising: 
identifying, by a computer, an event in a data network; 
analyzing, by the computer, the event in the data network, the analyzing including at least: 
identifying a type of the event; 
identifying an entity that initiated a request associated with the event; and
identifying an operation and a resource associated with the event; 
generating, by the computer based at least on the analyzing, metadata associated with the event, the metadata including: 
the type of the event; 
the entity that initiated the request associated with the event; and 
the operation and the resource associated with the event; 
matching, by the computer, the metadata to a unified index stored in a database communicatively coupled to the computer, wherein the unified index enables unified classification of events as potential security incidents in the data network and naming of objects in the event using a unitary language, the objects including the resource;
determining, by the computer based at least on the matching, whether the event comprises a potential security incident;
obtaining, by the computer, an interception administration policy from the database, the interception administration policy containing an instruction on how to handle the potential security incident; and
intercepting the event as instructed by the interception administration policy.

Attorney Docket No. PROOF1390-2; Application No. 16/746,521; Customer ID: 109422

8. (Currently Amended) A system, comprising: 
a processing unit; 
a non-transitory computer-readable medium; and 
stored instructions stored on the non-transitory computer-readable medium and translatable by the processing unit for:
identifying an event in a data network; 
analyzing the event in the data network, the analyzing including at least: 
identifying a type of the event;
identifying an entity that initiated a request associated with the event; and 
identifying an operation and a resource associated with the event; 
generating, based at least on the analyzing, metadata associated with the event, the metadata including: 
the type of the event; 
the entity that initiated the request associated with the event; and 
the operation and the resource associated with the event; 
matching the metadata to a unified index stored in a database, wherein the unified index enables unified classification of events as potential security incidents in the data network and naming of objects in the event using a unitary language, the objects including the resource; 
determining, based at least on the matching, whether the event comprises a potential security incident; 
obtaining an interception administration policy from the database, the interception administration policy containing an instruction on how to handle the potential security incident; and 
intercepting the event as instructed by the interception administration policy.  

15. (Currently Amended) A computer program product having a non-transitory computer-readable medium storing instructions translatable by a processing unit for: 
identifying an event in a data network; 
analyzing the event in the data network, the analyzing including at least: 
identifying a type of the event; 
identifying an entity that initiated a request associated with the event; and
identifying an operation and a resource associated with the event;
generating, based at least on the analyzing, metadata associated with the event, the metadata including: 
the type of the event; 
the entity that initiated the request associated with the event; and 
the operation and the resource associated with the event; 
matching the metadata to a unified index stored in a database, wherein the unified index enables unified classification of events as potential security incidents in the data network and naming of objects in the event using a unitary language, the objects including the resource; 
determining, based at least on the matching, whether the event comprises a potential security incident; 
obtaining an interception administration policy from the database, the interception administration policy containing an instruction on how to handle the potential security incident; and 
intercepting the event as instructed by the interception administration policy.

6.

Allowable Subject Matter

	Claims 1, 8 and 15 are amended, and claims 1-20 are allowed. The following is an examiner’s statement of reasons for allowance: No reason for allowance is needed as the record is clear in view of the above examiner’s amendments. 


According to MPEP 1302.14 (I): “In most cases, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner’s actions clearly point out the reasons for rejection and the applicant’s reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary.”
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”




Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYOUB ALATA whose telephone number is (313)446-6541.  The examiner can normally be reached on Monday - Friday 7:30 - 5:00 Est.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571)272-3804.  The fax phone number for the organization where this application or proceeding is assigned is (571)273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/AYOUB ALATA/Primary Examiner, Art Unit 2494