Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 are presented for examination.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Mr. Stephen A. Terrile (Reg. No.: 32946) on 22 July 2022.
The application has been amended as follows: 


1.	(Currently Amended)	A computer-implementable method for generating an anomalous event risk score, comprising:  
monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity, the entity comprising a user entity;
converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity; 
identifying an anomalous event from the plurality of events enacted by the entity;
generating a first event risk severity score based upon the anomalous event, the first event risk severity score being generated at a time the anomalous event is identified;
generating a second event risk severity score based upon a historical entity risk function, the historical entity risk function providing an indication of historical security risk of the entity, the historical entity risk function comprises a historical entity risk reduction function, the historical risk reduction function being selected from a flat reduction function, a gradual reduction function, a flat then gradual reduction function and a step reduction function;
generating an entity risk severity score for the entity, the generating using the historical entity risk function and the event risk severity score;
performing a security analytics operation via the security analytics system using the event risk severity score, the security analytics system executing on a hardware processor, the security analytics operation the security analytics operation responding to mitigate a security risk associated with the anomalous event.

2.	(Currently Amended)	The method of claim 1, wherein:  
the first event risk severity score comprises an initial event risk severity score, the initial event risk severity score comprising an initial event risk severity score value; 
the initial event security risk score value is modified to provide a current event risk severity score by application of a reduction function to the initial event security risk score value


3.	(Currently Amended)	The method of claim 2, wherein:  
the reduction function comprises at least one of a flat reduction function, a gradual reduction function, a flat then gradual reduction function, and a step reduction function


7.	(Currently Amended)	A system comprising:  
a processor;  
a data bus coupled to the processor; and 
a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for: 
monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity, the entity comprising a user entity;
converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity; 
identifying an anomalous event from the plurality of events enacted by the entity;
generating a first event risk severity score based upon the anomalous event, the first event risk severity score being generated at a time the anomalous event is identified;
generating a second event risk severity score based upon a historical entity risk function, the historical entity risk function providing an indication of historical security risk of the entity, the historical entity risk function maintaining the second event risk severity score for a longevity time interval, the longevity time interval comprising an interval of time during which the historical entity risk function is applied to generate the second event risk severity score;
generating an entity risk severity score for the entity, the generating using the historical entity risk function and the event risk severity score;
performing a security analytics operation via the security analytics system using the event risk severity score, the security analytics system executing on a hardware processor, the security analytics operation the security analytics operation responding to mitigate a security risk associated with the anomalous event.

8.	(Currently Amended)	The system of claim 7, wherein:  
the first event risk severity score comprises an initial event risk severity score, the initial event risk severity score comprising an initial event risk severity score value; 
the initial event security risk score value is modified to provide a current event risk severity score by application of a reduction function to the initial event security risk score value


9.	(Currently Amended)	The system of claim 8, wherein:  
the reduction function comprises at least one of a flat reduction function, a gradual reduction function, a flat then gradual reduction function, and a step reduction function


13.	(Currently Amended)	A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:  
monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity, the entity comprising a user entity;
converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity; 
identifying an anomalous event from the plurality of events enacted by the entity;
generating a first event risk severity score based upon the anomalous event, the first event risk severity score being generated at a time the anomalous event is identified;
generating a second event risk severity score based upon a historical entity risk function, the historical entity risk function providing an indication of historical security risk of the entity, the historical entity risk function maintaining the second event risk severity score for a longevity time interval, the longevity time interval comprising an interval of time during which the historical entity risk function is applied to generate the second event risk severity score;
generating an entity risk severity score for the entity, the generating using the historical entity risk function and the event risk severity score;
performing a security analytics operation via the security analytics system using the event risk severity score, the security analytics system executing on a hardware processor, the security analytics operation the security analytics operation responding to mitigate a security risk associated with the anomalous event.

14.	(Currently Amended)	The non-transitory, computer-readable storage medium of claim 13, wherein:  
the first event risk severity score comprises an initial event risk severity score, the initial event risk severity score comprising an initial event risk severity score value; 
the initial event security risk score value is modified to provide a current event risk severity score by application of a reduction function to the initial event security risk score value


15.	(Currently Amended)	The non-transitory, computer-readable storage medium of claim 14, wherein:  
the reduction function comprises at least one of a flat reduction function, a gradual reduction function, a flat then gradual reduction function, and a step reduction function

Allowable Subject Matter
Claims 1-20 are allowed.
The claims are directed to novel and non-obvious computer-implementable methods, systems and non-transitory computer-readable storage mediums for generating an anomalous event risk score.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTOL-892.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARREN B SCHWARTZ whose telephone number is (571)270-3850. The examiner can normally be reached 9am-7pm EST, Monday-Thursday, 9am-5pm EST, Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARREN B SCHWARTZ/
Primary Examiner, Art Unit 2435