DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement(s) (IDS) filed on 11/04/2020 and 05/27/2021 were filed before the mailing date of this office action.  Accordingly, the information disclosure statement is(are) being considered by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7-15 and 17-20 are rejected under 35 USC § 103 as being unpatentable over US-PGPUB No. 20210232485 A1 to Agarwal et al. (hereinafter “Agarwal”) in view of US-PGPUB No. 20190318100 A1 to Bhatia et al. (hereinafter “Bhatia”)
Regarding claim 1:
Agarwal discloses:
A method (¶15: “… a method is provided for analyzing a performance of a microservices-based application.”) comprising: 
2instrumenting, by a device (¶17: “…  a processing device…”), an application to generate OpenTelemetry trace data 3during execution of the application (¶92: “… tracing data is generated through the instrumentation of microservices-based applications … traces may be generated according to an industry standard, such as the OpenTracing standard. Other common open source instrumentation specifications include OPENTELEMETRY and OpenCensus.”); 
6identifying, by the device, a correlation between the security event and the 7OpenTelemetry trace data (¶112: “… the trace data may be paired with data from the data ingestion and query system 326, metrics generated by instrumentation, and other data sources, and correlated in various ways to provide insights. … log data from the data ingestion and query system 326 may be used to determine exactly why the component or microservice needs attention.”); and 
8providing, by the device, an indication of the security event in conjunction with 9the OpenTelemetry trace data, based on the security event being correlated with the 10OpenTelemetry trace data (¶112: “… as a broad-based correlation example, the metrics data may be used in a thresholding comparison to determine that there is an issue that needs attention, the trace data may be used to determine which component or microservice requires attention, and log data from the data ingestion and query system 326 may be used to determine exactly why the component or microservice needs attention.”).  
However, Agarwal failed to explicitly disclose the following limitation taught by Bhatia: 
4detecting, by the device, an occurrence of a security event (Bhatia ¶135: “… the analytics engine 300 receives activity data 310 when certain events occur, such as a service indicating that an event has occurred (e.g., the service has been updated or the service has detected a network threat or another event originating at the service) …”, ¶186: “… the analytics engine 300 detects certain security events.”); 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the functionality of the monitoring service of Agarwal to incorporate the functionality of the security management and control system to detect receipt of new threat data, as disclosed by Bhatia, such modification would allow the system to timely detect, analyze and mitigate threats.
Regarding claim 2:
The combination of Agarwal and Bhatia disclose: 
The method as in claim 1, wherein the security event is an Open Web Application 2Security Project (OWASP) security event (Bhatia, ¶208: “… when the action occurs, the action will match the policy and be flagged as a risk event. Policies can be pre-determined from lists of known network and database security vulnerabilities, such as those listed by the Open Web Application Security Project (OWASP).”).  
The same motivation which is applied to claim 1, applies to claim 2.
Regarding claim 3:
The combination of Agarwal and Bhatia disclose:
1The method as in claim 1, wherein providing the indication of the security event in 2conjunction with the OpenTelemetry trace data comprises: 
3associating the security event with a current OpenTelemetry trace identifier or 4span identifier (Agarwal, ¶72: “… each trace may be identified using a unique trace identifier (“Trace ID”). The trace follows the course of a request or transaction from its source to its ultimate destination in a distributed system. … a trace … includes valuable information about interactions as well as causality.”).  
Regarding claim 4:
The combination of Agarwal and Bhatia disclose:
1The method as in claim 1, wherein providing the indication of the security event in 2conjunction with the OpenTelemetry trace data comprises: 
adding the indication of the security event as an OpenTelemetry span status (Agarwal, ¶208: “… frames associated with the root cause error spans indicate the corresponding error status code …”, ¶211: “The on-screen GUI of FIG. 6 allows a client to visually correlate the error stack with the service graph to efficiently determine from where the errors are originating and the manner in which they are flowing through the application.”).  
Regarding claim 5:
The combination of Agarwal and Bhatia disclose:
1The method as in claim 1, wherein providing the indication of the security event in 2conjunction with the OpenTelemetry trace data comprises: 
3adding the indication of the security event to a current OpenTelemetry span for 4the application (Agarwal, ¶122: “… the spans generated from a single user request would be consolidated (e.g., by the collector 304 or the monitoring service 306 of FIG. 3) together using the Trace ID (and the Parent Span IDs s) to form a single trace associated with the request.”).   
Regarding claim 7:
The combination of Agarwal and Bhatia disclose:
1The method as in claim 1, wherein providing the indication of the security event in 2conjunction with the OpenTelemetry trace data comprises: 
3adding the indication of the security event to an OpenTelemetry root span for the 4application (Agarwal, ¶200: “… the chain of spans is extended to the root span of the trace regardless of whether it is an error span or not.”).  
Regarding claim 8:
The combination of Agarwal and Bhatia disclose:
1The method as in claim 1, wherein the application is a distributed application (Agarwal, ¶72: “… a single user request … propagates from one microservice … to the next in a distributed application.”, ¶92: “Distributed tracing data is generated through the instrumentation of microservices-based applications …”).  
Regarding claim 9:
The combination of Agarwal and Bhatia disclose:
1The method as in claim 1, wherein detecting the occurrence of the security event during execution of the application comprises: 
3monitoring permission calls made by the application to identify a library called by 4the application (Bhatia, ¶248: “… an agent executing on the service platform collects the application data and provides the application data to the computer system of the security monitoring and control system. … the agent is configured to identify code that, when executing, performs actions identified as security risks.”); and 
sdetermining that the library comprises vulnerable code (Bhatia, ¶248: “… the agent is 
configured to identify code that, when executing, performs actions identified as security risks. For example, certain class libraries, classes, and/or class methods can be identified as enabling actions that can be security risks, and the agent can be configured to instrument these libraries, classes, and/or methods.”).  
The same motivation which is applied to claim 1, applies to claim 9. 
Regarding claim 10:
The combination of Agarwal and Bhatia disclose:
1The method as in claim 1. wherein instrumenting the application to generate OpenTelemetry trace data during execution of the application comprises: 39PATENT 121013 1.U CPOL 1029875-US.02 
3calling an OpenTelemetry application programming interface (API) from the 4application (Agarwal, ¶02: “… an application is developed as a collection of small services; each service implements business capabilities, runs in its own process and communicates via Application Program Interfaces (“APIs”)”). 
Regarding claim 11:
Agarwal discloses:
An apparatus (Agarwal, p-17: “… a system …”), comprising: 
However, Agarwal failed to disclose the following limitations disclosed by Bhatia:
2one or more network interfaces (Bhatia, Fig. 16: “Communications Subsystem 1624”) to communicate with a network (Bhatia, ¶295: “The communications subsystem 1624 provides an interface to other computer systems and networks.”); 
3a processor (Bhatia, Fig. 16: “Processing Subsystem 1604”) coupled to the one or more network interfaces and configured to 4execute one or more processes (Bhatia ¶281: “… a processing subsystem 1604 that communicates with … a communications subsystem 1624. “); and 
5a memory (Bhatia, Fig. 16: “System Memory 1610”) configured to store a process that is executable by the processor (Bhatia ¶290: “The system memory 1610 may include a number of memories … for storage of instructions and data during program execution …”) 
The same motivation which is applied to claim 1, applies to claim 11.
In addition to the above limitations, claim 11 substantially recites the same limitations as claim 1 in the form of an apparatus to realize the corresponding method, therefore it is rejected by the same rationale. 
Regarding claims 12-15 and 17-19:
Claims 12-15 and 17-19 substantially recite the same limitations as claims 2-5 and 7-9, respectively, in the form of an apparatus to realize the corresponding method, therefore it they are rejected by the same rationale.
Regarding claim 20:
Claim 20 substantially recites the same limitation as claim 1 in the form of a tangible, non-transitory computer readable medium for storing program instructions to execute the corresponding method, therefore it is rejected by the same rationale.
Claims 6 and 16 are rejected under 35 USC § 103 as being unpatentable over Agarwal, Bhatia and further in view of USPAT No. 10,749,890 B1 to Aloisio et al. (hereinafter “Aloisio”)
Regarding claim 6:
The combination of Agarwal and Bhatia disclose the method as in claim 1, but failed to explicitly disclose the following limitation taught by Aloisio: 
wherein the device provides the indication of the security 2event in conjunction with the OpenTelemetry trace data based in part on a Common 3Vulnerability Scoring System score associated with the security event (Aloisio, col 9, lines 5-7: “The analytic server may rank attack indicators and alerts based on the CVSS scores and display the attacks on a user interface based on the ranking.”). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings the combination of Agarwal and Bhatia to incorporate the functionality of the analytic server to rank attacks based on CVSS scores and access system security vulnerabilities, as disclosed by Aloisio, such modification would enable the system to allow responders to prioritize responses and manage resources according to threat severity.
Regarding claim 16:
Claim 16 substantially recites the same limitation as claim 6 in the form of an apparatus to realize the corresponding method, therefore it is rejected by the same rationale.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
Brown (US-PGPUB No 2021/0248023-A1)- disclosed systems and methods for distributed tracing of a distributed application including collecting and analyzing trace data within computing containers providing services of the distributed application.
Hecht et al. (US-PPGPUB No 2007/0006159-A1)- disclosed a method and a system for instrumenting object code of an application and/or an operating system on a target machine so that execution trace data can be generated, collected, and subsequently analyzed for various purposes, such as debugging and performance. 
Rathinasabapathy et al. (US-PGPUB No. 2021/0064458-A1)- disclosed systems and methods for automatically detecting and mitigating errors in a cloud computing environment. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHIAS HABTEGEORGIS whose telephone number is (571)272-1916. The examiner can normally be reached M-F 8am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B Patel can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.H./Examiner, Art Unit 2491

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491