Notice of Pre-AIA  or AIA  Status
	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
	Claims 1-20 are pending. Claims 1 and 12 have been amended.
	In light of the Applicant’s amendment objections to claim 1 and 12 have been withdrawn.
	Applicant’s amendments filed on  11-24-2021  has been considered and entered.	
Response to Arguments
	Applicant's amendments/arguments filed on 07-05-2022 have been fully considered but are moot in view of the new ground(s) of rejection.
Objections
	Claims 1, 6, 12, 17 and 20 are objected for the following informalities:
	In claim 1, it is suggested to provide the following changes:
		In  line 7,  replace “application” with –applications--, in line 9, replace “those”
	 with –the--, and “application” with –applications--, in line 11, replace “a plurality of user” 
	with –the plurality of users--, in line 15 replace “the type” with –a type-- and in line 20, replace 	“the various” with –a various--, in order provide proper antecedent basis and resolve minor 	informalities. Appropriate correction is required.
	In claim 12, it is suggested to provide the following changes:
		In  line 7,  replace “application” with –applications--, in line 9, replace “those”
	 with –the--, and “application” with –applications--, in line 11, replace “a plurality of user” 
	with –the plurality of users--, in line 16 replace “the type” with –a type-- and in line 21, replace 	“the various” with –a various--, in order provide proper antecedent basis and resolve minor 	informalities. Appropriate correction is required.
	In claim 6 and 17, replace “that data” with –the data--, in order to provide proper antecedent basis. Appropriate correction is required.
	Claim 20 and 9 are duplicated claims which both depend on the claim 7. Examiner assumes, claim 19 being dependent of the method claim 18. Appropriate correction is required.

Claim Rejections - 35 USC § 103
		The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Muddu et al. (US Publication No. 2017/0063905 ) in view of Paine (US Publication No.2018/0255080).
	As per claim 1 and 12, Muddu discloses, an integrated computer network security and threat prevention and detection platform (abstract, a security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment), comprising: a central processor (paragraph [0165], “semantic processor”) operable to receive and aggregate security information from a plurality of network security applications monitoring a plurality of computing system, a plurality of users, or both; (paragraph [0163], [00164], “Data sources 302 represent various data sources that provide event data… The event data represents events that take place [monitored] in the network environment [plurality of computing system]…. data source 304 is a source of data pertaining to logs... Data source 306 is a source of data from different types of applications… Data source 308 is a source of network management or analyzer data”, paragraph [0164], [0165]  the plurality of event data  (304, 306 and 308) received by the semantic processor to perform extract, transform, and load (ETL) functions. Paragraph [0364], “processing of anomaly data 2304 may include aggregating anomaly data across the computer network, correlating different anomalies within the anomaly data”); one or more Application program interfaces (APIs) of a plurality of network security application or tools interfacing with the central processor (paragraph [0159],“application programming interfaces (APIs) for communicating with various data sources”); a display in communication with the central processor and operable to simultaneously display data from a plurality of network security applications (paragraph [0171], “threat indicators and threats may be provided to a user interface (UI) system 350 for review by a human operator”, paragraph [0178], analysis module 330A detecting anomalies, analysis module 330B detecting threats, paragraph [0440], “security platform described herein may include a GUI generator module that gathers the generated anomaly data, threat data, and other data, and based on such gathered data, generates display data”, paragraph [0452] and figure 39A and 39B, where GUI displays among other elements detected anomalies and threats); wherein the display includes a threat overview display presenting a timeline view of the type and severity of threats found on a network of the plurality of computing system, a plurality of users, or both and ranking of their severity, criticality or both (paragraph [0468], figure 40D, “two anomalies associated with the Exfiltration stage 4053… are color-coded in red to provide an indication of their high level of severity”, paragraph [0471], “Threat Anomalies Timeline 4060 provides a timeline of each anomaly”. Paragraph [0351], “[a] detected anomaly in the activity on a computer network is often associated with one  or more entities of the computer network, such as one or more physical computing devices, virtual computing devices, users…”),	wherein the platform works in conjunction with hardware and software of one or more networks (abstract, figure 4,“security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in computer network environment”,  paragraph [0748], “verity of these steps and operations may be performed by hardware components or may be embodied in machine-executable instruction”) to provide network communication analytic and threat prevention and detection at the various layers for each user, device, and program of networks to be protected (abstract, paragraph [0137], “a data processing an analytics system… that employs a variety of techniques and mechanism for anomalous activity detection in a network environment”, Paragraph [0351], “[a] detected anomaly in the activity on a computer network is often associated with one  or more entities of the computer network, such as one or more physical computing devices, virtual computing devices, users…” ).
	Muddu does not explicitly disclose wherein APIs collect, sort, aggregate and filter data collected from those network security application or tools to present an integrated dashboard presentation of system activity and threats from the plurality of computing systems, a plurality of users, or both.
	However, in an analogous art, Paine discloses, wherein APIs collect, sort, aggregate and filter data collected from those network security application or tools  (paragraph [0064], Data bundles from the Collectors are received/collected by the Cloud service API, unpacked/sorted, verified/filtered and stored/ aggregated), to present an integrated dashboard presentation of system activity and threat from the plurality of computing systems, a plurality of users, or both (paragraph [0074],“alert are made available on the Reporting Dashboard”, paragraph [0010]and [0034], detecting activities and anomalies in user behaviors and endpoints (computing systems)).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Muddu to include APIs collect, sort, aggregate and filter data collected from those network security application or tools to present an integrated dashboard presentation of system activity and threats from the plurality of computing systems, a plurality of users, or both, as disclosed by Paine. This would have been obvious because one of ordinary skill in the art would have been motivated to do so in order to achieve the predictable result of  issuing notifications and alerts indicating one or more security threats when security threats are detected.
	As per claim 2, Muddu furthermore discloses, wherein the central processor comprises: one or more processors, one or more computers, one or more servers, or combinations thereof (paragraph [0141], cloud-based server, paragraph [0156,], large-scale data processing engine).  
	As per claim 3 and 14, Muddu furthermore teaches, wherein the plurality of network security applications comprises: hardware implemented applications, software implemented applications, or combinations thereof (paragraph[0163],[0194]).  
	As per claim 4 and 15, Muddu furthermore teaches wherein the plurality of network security applications comprises: firewalls, network traffic monitors, access controls, email monitors, vulnerability scanners, endpoint security monitors, malware detectors, virus detectors, bandwidth usage monitors, or combinations thereof (paragraph [0163], firewalls).
	As per claim 5, Muddu furthermore teaches, wherein the central processor is operable to communicate with application program interfaces of one or more of the plurality of network security applications (paragraph [0156] and [0164], data source 302 provide event data to data receiver 310, which implement API and connector to receive the event data from security platform. The security platform including data processing engine).  
	As per claim 6 and 17, Muddu furthermore discloses wherein the central processor is operable to communicate with one or more data collection and analytic tool applications to search, collect, and parse network traffic data and provide access to  data in a defied protocol of one or more of the plurality of network security applications (paragraph [0164], [0165], semantic processor receives data form receiver 310 and performs among other functions, ETL functions, performs parsing of the incoming data, enrichment of the event data, filtering the event data, and formatting to a format that is efficient for downstream access and unitization). 
	As per claim 7 and 18, Muddu furthermore discloses wherein the central processor is operable to collect, sort, aggregate, and filter information collected from the plurality of network security applications (paragraph [0165], [0178], [0364], [440], [452], processor receives/collects event data, Performs parsing/sorting, filtering and aggregating the event data), to transmit aggregated data to the display for presentation to a user (paragraph [0440], [0441], display gathered anomaly data, threat data, and other data), and to isolate detected threats from the network (paragraph [0319], and blocking of network traffic corresponding to the threat). 
	As per claim 8 and 19, Muddu furthermore discloses, wherein the displayed aggregated data comprises: network usage data, network threats data, application usage data, threat mitigation data, malware activity data, virus activity data, or combinations thereof (paragraph [0443], “GUI introduced here generates views pertaining to threats and anomalies” (treats data)).  
	As per claim 9 and 20, Muddu furthermore discloses wherein the displayed aggregated data is presented in a timeline view (paragraph [0471], “Threat Anomalies Timeline 4060 provides a timeline of each anomaly”).
	As per claim 10 and 13, Muddu furthermore teaches, wherein the central processor calculates a system risk rating based on data aggregated from the plurality of network security applications (paragraph [0364], “a process for assigning a threat indicator score based on processing the anomaly data 2304…processing of the anomaly data 2304 may include aggregating anomaly data across the computer network”).  
	As per claim 11, Muddu furthermore teaches, wherein the platform is operable in a layered interconnection network (paragraph [0010], [0158], multiple functional layers of security platforms ).  
	As per claim 16, Muddu furthermore teaches wherein the central processor is operable to communicate with application program interfaces of one or more of the plurality of network security applications in a layered network configuration (paragraph [0156] and [0164], data source 302 provide event data to data receiver 310, which implement API and connector to receive the event data from security platform having the large-scale processing engine, paragraph [0319], and blocking of network traffic corresponding to the threat , Paragraph [0351], “[a] detected anomaly in the activity on a computer network is often associated with one  or more entities of the computer network, such as one or more physical computing devices, virtual computing devices, users…”).  

References Cited, Not Used
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	Holz et al., US Publication No. 2018/0157842, discloses mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. 
	Czaplewski et al., US Publication No. 2019/0354686, discloses a computer-implemented method includes retrieving, by a server, application data about the one or more software applications via one or more databases. The server retrieves security data for the one or more software applications via the one or more databases. The server calculates a plurality of categorical scores for each of the one or more software applications based on the security data. The server calculates an overall security score for each of the one or more software applications based on the plurality of categorical scores as calculated. The server instructs the plurality of categorical scores and the overall security score for each of the one or more software applications to be stored in an application database. The server outputs to a user device the plurality of categorical scores and the overall security score for each of the one or more software applications in the application database.

Conclusion
	  Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ali Abyaneh whose telephone number is (571) 272-7961. The examiner can normally be reached on Monday-Friday from (8:00-5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone numbers for the organization where this application or proceeding is assigned as (571) 273-8300 Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/ALI S ABYANEH/Primary Examiner, Art Unit 2437