Notice of Pre-AIA or AIA Status
Claims 1-20 remain for examination. The amendment filed 7/29/22 amended claims 1, 8, 11, 17, & 18. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 7/29/22 has been entered.

Information Disclosure Statement
The information disclosure statement filed 7/19/22 has been considered by the Examiner.

Response to Arguments
Applicant’s arguments, see page 7 of the amendment filed 7/29/22, with respect to the rejection(s) of claim(s) 1-20 under 35 USC 102 in view of Hassanzadeh have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection under 35 USC 103 is made in view of the newly discovered reference to Currie.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hassanzadeh (U.S. Patent Publication 2017/0318050) in view of Currie (U.S. Patent 10,122,748).

Regarding claims 1, 11, & 18:
Hassanzadeh discloses a method, system, and non-transitory computer readable medium comprising: accessing network traffic from a network (communications monitored by the various sensors and devices as per paragraph 0020); accessing a plurality of events associated with the network traffic (Ibid, and paragraph 0021); determining, by a processing device, an issue based on a correlation of a portion of the plurality of events, wherein the issue represents an incident associated with the portion of the plurality of events (a “threat scenario”: e.g. paragraphs 0040-0041, 0044, 0068, etc.), and wherein the correlation of the portion of the plurality of events is based on network specific information (paragraph 0022); and storing information associated with the issue including the portion of the plurality of events (see the various logs of e.g. paragraphs 0020, 0021, 0025, & 0029).  Further regarding claim 11, Hassanzadeh further discloses a processor and memory (e.g. paragraphs 0022 & 0079).
Hassanzadeh is silent regarding the correlation of the portion of the plurality of events being based at least in part on an event type of the portion of the plurality of events. However, Currie discloses a related invention for monitoring network traffic for issues wherein event types are correlated with network traffic to detect threats (e.g. col. 7, lines 4-45; col. 8, lines 45-65; col. 11, lines 32-47; col. 12, lines 34-47, etc.). It would have been obvious prior to the effective filing date of the instant application to modify the Hassanzadeh invention to also include event types as some of the information to correlate with the network traffic, in order to improve the granularity of threat detection as different types of events can have different levels of risk associated with them (Currie, Ibid; see also col. 5, lines 18-41).

Regarding claims 2, 12, & 19:	The combination further discloses wherein the network specific information comprises at least one of information of communications of entities on the network, information of a relationship of entities of the network, or information of entity types of entities on the network (relationship of entities of the network [targets & attackers] as network specific information at Hassanzadeh, paragraph 0040). 

Regarding claims 3, 13, & 20:	The combination further discloses wherein the correlation of the portion of the plurality of events is based on at least one of an aggregation, clustering, pattern matching, event chaining, risk posture, or vulnerabilities (aggregation: Hassanzadeh, paragraph 0021). 

Regarding claims 4 and 14:	The combination further discloses determining a category associated with the issue (labeling the issue: Hassanzadeh, paragraph 0040), wherein the category associated with the issue comprises at least one of security or operational (the latter at paragraph 0040). 

Regarding claims 5 and 15:	The combination further discloses determining a priority associated with the issue, wherein the priority associated with the issue comprises at least one of critical, high, medium, low, or informational (priority at Hassanzadeh, paragraph 0036). 

Regarding claims 6 and 16:	The combination further discloses accessing information associated with the network, wherein the information associated with the network comprises a model comprising one or more relationships of entities of the network (Hassanzadeh, paragraph 0040, with the model illustrated as Figure 4B). 

Regarding claim 7:	The combination further discloses wherein at least one of the events is determined by an intrusion detection system (Hassanzadeh, paragraph 0020). 

Regarding claims 8 and 17:	The combination further discloses wherein the correlation is based on at least one of a source of a communication, or a destination of the communication (source and destination IP addresses of the communication at Hassanzadeh, paragraph 0040). 

Regarding claim 9:	The combination further discloses wherein at least one of the events is associated with an operational technology (OT) entity (Hassanzadeh, e.g. paragraphs 0020 & 0025). 

Regarding claim 10:	The combination further discloses determining the plurality of events associated with the network traffic (Hassanzadeh, paragraph 0020). 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: U.S. Patent 11,003,773 (Fang) and U.S. Patent Publication 2018/0349482 (Oliner).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849. The examiner can normally be reached 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

THOMAS A. GYORFI
Examiner
Art Unit 2435

/THOMAS A GYORFI/Examiner, Art Unit 2435
8/13/2022