DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07/01/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Terminal Disclaimer
The terminal disclaimer filed on 06/27/2022 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US Application Nos. 16/791,449, 17/226,717 and 16/791,464 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Response to Amendment
Claims 1-20 are pending. Claims 1, 5-7, 11-13 and 17-18 are currently amended.
Applicant’s amendments to the claims will overcome each and every 112(b) and 103 rejection previously set forth in the Non-Final Office Action mailed 03/30/2022.

Response to Arguments
Applicant’s arguments, see pages 8-9, filed 06/27/2022, with respect to the 103 rejections have been fully considered and are persuasive.  The 103 rejections of claims 1-20 have been withdrawn.

Allowable Subject Matter
Claims 1-20 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: After further search and consideration and applicant’s remarks put forth in the Remarks of 07/23/2020 on pages 8-10, the prior art, either taken alone or in combination, neither anticipates nor renders obvious the claimed subject matter of the instant application.

The prior art Thomas et al. (US Pub No. 2019/0190929) discloses that an enterprise can be monitored for indicators of malicious activity. When potentially malicious activity is identified, a user-based inquiry can be employed to identify potential sources of the malicious activity within the enterprise network. More specifically, by identifying a user that sourced the communication, instead of or in addition to a network address, devices within the enterprise network associated with the user can be located, analyzed, and remediated as appropriate. (Thomas, Abstract)

Krebs et al. (US Pub No. 2020/0396231) discloses process models to determine systems behavior and vulnerabilities. In one embodiment, a method comprises collecting event logs from monitoring systems communicatively coupled to a computing device, each event log indicating an event occurring at a given time at a given activity within a process, measuring transition times between activities of the process from the event logs, calculating, from the measured transition times, a capacity of an activity of the activities, inferring behavior and vulnerabilities of the process based on one or more of the measured transition times and the capacity, and generating natural language output indicating the inferred behavior and vulnerabilities of the process. Further, simulations of the process are performed with statistical data regarding the event logs as input. In this way, aspects of a process such as an operational process in need of attention or vulnerable to external attacks may be rapidly identified and actions for resolution may be automatically recommended. (Krebs, Abstract)

KLING et al. (US Pub No. 2020/0089885) discloses providing industrial system cybersecurity event detection and corresponding response. The systems and methods utilize various end point sensors already available in an industrial control system and an associated monitoring process to detect cybersecurity and other security threats based on data collected by the sensors. The cybersecurity monitoring process may be trained with sensor data patterns and behaviors for known threats to recognize potentially malicious activity. Such a process may also learn to recognize and be trained on new threats and may incorporate each new threat to stay current with evolving industrial threats. This allows an enterprise to utilize its existing industrial infrastructure to detect and act upon a variety of threats to an industrial system with little or no interference or interruption of existing industrial processes. (KLING, Abstract)

Kliger et al. (US Pub No. 2020/0045075) discloses performing real-time mitigations for unfamiliar threat scenarios by identifying a particular threat scenario for a client system that has not previously experienced the threat scenario and for which a remediation process is unknown. The computing system responds to the unknown threat scenario by generating and providing the client system a mitigation file that includes a predictive set of mitigation processes for responding to the threat scenario. The mitigation file is generated by first generating a threat vector that identifies a plurality of different threat scenario characteristics for the particular threat scenario. Then, a classification model is applied to the threat vector to identify a predictive set of mitigation processes that are determined to be a best fit for the threat vector and that are included in the mitigation file. (Kliger, Abstract)

Magcale et al. (US Patent No. 10,158,653) discloses a cyber security system that uses artificial intelligence, such as neural networks, to monitor the security of a computer network and take automated remedial action based on the monitoring. The security system autonomically learns behavior profiles, attack profiles and circumvention techniques used to target the network. The remedial action taken by the system includes isolating any misuse that has been identified, surveilling the misuse in the isolated environment, analyzing its behavior profile and reconfiguring the network to enhance security. (Magcale, Abstract)

However, the prior art taken alone or in combination fails to teach or suggest “converting the security related activity to entity behavior catalog data, the entity behavior catalog providing an inventory of entity behaviors; storing the entity behavior catalog data within an entity behavior catalog system, the entity behavior catalog system providing an inventory of security related activities, the entity behavior catalog system comprising an entity behavior profiles repository, the entity behavior profiles repository containing a plurality of entity behavior profiles, each entity behavior profile comprising information that describes an identity of a particular entity; accessing the entity behavior catalog system based upon the entity behavior catalog data; inferring a security vulnerability scenario from the observable derived based upon the monitoring, the inferring associating a security risk case with the security vulnerability scenario, the security vulnerability providing a grouping of security risk use cases that represent a particular class of security vulnerability; and performing a security operation via a security system, the security operation using the security vulnerability scenario and the entity behavior catalog data stored within the entity behavior catalog based upon the security related activity” (as recited in claims 1, 7 and 13).
Claims are allowed in light of the above claim limitations when in combination with the remaining claim limitations.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357. The examiner can normally be reached M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAQUEAL D WADE-WRIGHT/Primary Examiner, Art Unit 2437