DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The preliminary amendment filed 7/23/2020 has been placed of record in the file.
Claims 1-10 are presented for examination.
The IDS filed 7/23/2020 and the IDS filed 12/27/2021 have been considered.

Specification
The title of the invention is not descriptive.  A new title is required that is clearly indicative of the invention to which the claims are directed. 

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-10 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Rathor et al. (U.S. Patent Number 9,773,112), hereinafter referred to as Rathor.
Regarding claim 1, Rathor discloses an analysis device comprising: a memory storing instructions; and one or more processors configured to execute the instructions to: generate a model of outputting information relating to an operation to be performed on a check target, based on learning data including an operation performed on a displayed check target, and a display history of a check target up until the displayed check target is displayed (column 7, lines 17-41, generates reference model based on data describing observed events); and display a check target, and information acquired from the model and relating to an operation to be performed on the check target (column 7, lines 17-41, uses model to perform exploit detection and provides feedback via interactive display screen).
Regarding claim 2, Rathor discloses wherein the information relating to the operation includes at least one of an importance degree of the operation and a content of the operation (column 8, lines 30-44, type of event).
Regarding claim 3, Rathor discloses wherein the check target is information indicating an analysis target, and the operation includes at least one of extraction of detailed information of an analysis target indicated by the check target from an event log relating to an analysis target, retrieval of another analysis target related to an analysis target indicated by the check target from the event log, and input of a determination result for an analysis target indicated by the check target (column 8, lines 51-66, obtains data from event log and generates associations of events).
Regarding claim 4, Rathor discloses wherein the content of the operation includes at least one of a type of information to be extracted in extraction of the detailed information, and relevancy to be designated in retrieval of the another analysis target (column 8, lines 30-44, type of event).
Regarding claim 5, Rathor discloses wherein the one or more processors are configured to execute the instructions to: when generating the model, generate the model, based on learning data associating an operation performed on the displayed check target with a feature relating to an analysis target indicated by each of one or more check targets included in the display history (column 9, lines 1-13, reference models generated by machine learning logic).
Regarding claim 6, Rathor discloses wherein the operation includes retrieval of another analysis target related to an analysis target indicated by the check target from an event log relating to an analysis target, and the feature relating to an analysis target indicated by each of the one or more check targets includes a feature of the analysis target, and a feature of relevancy
designated by retrieval performed on a check target displayed before corresponding one of the one or more check targets (column 8, lines 51-66, generates associations of events, where child process modified file).
Regarding claim 7, Rathor discloses wherein the analysis target includes a process operating on a computer (column 10, lines 44-58, process information of the event).
Regarding claim 8, Rathor discloses wherein the analysis target further includes at least one of a file accessed by a process, and a registry accessed by a process (column 10, lines 44-58, file identification of the event).
Regarding claim 9, Rathor discloses an analysis method comprising: generating a model of outputting information relating to an operation to be performed on a check target, based on learning data including an operation performed on a displayed check target, and a display history of a check target up until the displayed check target is displayed (column 7, lines 17-41, generates reference model based on data describing observed events); and displaying a check target, and information acquired from the model and relating to an operation to be performed on the check target (column 7, lines 17-41, uses model to perform exploit detection and provides feedback via interactive display screen).
Regarding claim 10, Rathor discloses a non-transitory computer-readable recording medium storing a program causing a computer to execute processing of: generating a model of outputting information relating to an operation to be performed on a check target, based on learning data including an operation performed on a displayed check target, and a display history of a check target up until the displayed check target is displayed (column 7, lines 17-41, generates reference model based on data describing observed events); and displaying a check target, and information acquired from the model and relating to an operation to be performed on the check target (column 7, lines 17-41, uses model to perform exploit detection and provides feedback via interactive display screen).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Brandwine et al. (U.S. Patent Number 10,079,842) disclosed techniques for detecting malicious activity based on operations to a log.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812. The examiner can normally be reached Monday thru Friday, 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/Victor Lesniewski/Primary Examiner, Art Unit 2493