DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/12/2020 was filed. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Following claim is amended as follow:
12 (Amended).  A computer-implement method for controlling transmission of log data based on a model comprising;
receiving a trained model executable at an edge node, the trained model executable comprising: a classifier trained to generate a priority score for a plurality of record based on weightings associated a first batch of training data included in a security analysis, a second batch of training data excluded from the security analysis, and a third
batch of data actually reviewed based on a user selection; 
receiving a first pulse from a collector;
selecting a first set of records for transmission based at least in part on the priority score; and transmitting the first set of records to the collector at a rate based at least in part on a value of the first pulse from the collector.

Allowable Subject Matter
Claims 1-20 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:  
Regarding claim 1, and its respective dependents, the art of record either alone or in combination fails to particular disclose or suggest the claim limitation of “receiving transmitted log information from a plurality of nodes; applying a rule-based algorithm to the transmitted log information to categorize a first batch of data as included in a security analysis, a second batch of data as excluded from
the security analysis, and a third batch of data as actually reviewed in the security
analysis based on a user selection; training a classifier based on outcomes of the rule-based algorithm; converting the classifier to run as a trained model executable on the plurality of nodes;
and transmitting the trained model executable to the plurality of nodes.”
As to the art of record, Martini reference discloses the concept of claim limitation of managing of network security service of a hybrid cloud computing network. However, Martini does not teach with respect to the entire or combination claim limitation of “receiving transmitted log information from a plurality of nodes; applying a rule-based algorithm to the transmitted log information to categorize a first batch of data as included in a security analysis, a second batch of data as excluded from
the security analysis, and a third batch of data as actually reviewed in the security
analysis based on a user selection; training a classifier based on outcomes of the rule-based algorithm; converting the classifier to run as a trained model executable on the plurality of nodes; and transmitting the trained model executable to the plurality of nodes.”
As to the art of record, Margel et al. reference discloses the concept of claim limitation of a system to classify the logs of the databases. However, Margel et al. does not teach with respect to the entire or combination claim limitation of “receiving transmitted log information from a plurality of nodes; applying a rule-based algorithm to the transmitted log information to categorize a first batch of data as included in a security analysis, a second batch of data as excluded from
the security analysis, and a third batch of data as actually reviewed in the security
analysis based on a user selection; training a classifier based on outcomes of the rule-based algorithm; converting the classifier to run as a trained model executable on the plurality of nodes; and transmitting the trained model executable to the plurality of nodes.”
As to the art of record, Bugakov et al. reference discloses the concept of claim limitation of the techniques to automatically update payment information in a computing environment. However, Bugakov et al. does not teach with respect to the entire or combination claim limitation of “receiving transmitted log information from a plurality of nodes; applying a rule-based algorithm to the transmitted log information to categorize a first batch of data as included in a security analysis, a second batch of data as excluded from the security analysis, and a third batch of data as actually reviewed in the security analysis based on a user selection; training a classifier based on outcomes of the rule-based algorithm; converting the classifier to run as a trained model executable on the plurality of nodes; and transmitting the trained model executable to the plurality of nodes.”
As to the art of record, Dubey et al. reference discloses the concept of claim limitation of a system to analyze to prioritize event data. However, Dubey et al. does not teach with respect to the entire or combination claim limitation of “receiving transmitted log information from a plurality of nodes; applying a rule-based algorithm to the transmitted log information to categorize a first batch of data as included in a security analysis, a second batch of data as excluded from the security analysis, and a third batch of data as actually reviewed in the security analysis based on a user selection; training a classifier based on outcomes of the rule-based algorithm; converting the classifier to run as a trained model executable on the plurality of nodes; and transmitting the trained model executable to the plurality of nodes.”
The following is a statement of reasons for the indication of allowable subject matter:  
Regarding claim 12, and its respective dependents, the art of record either alone or in combination fails to particular disclose or suggest the claim limitation of “receiving a trained model executable at an edge node, the trained model executable comprising: a classifier trained to generate a priority score for a plurality of record based on weightings associated a first batch of training data included in a security analysis, a second batch of training data excluded from the security analysis, and a third
batch of data actually reviewed based on a user selection; receiving a first pulse from a collector;
 selecting a first set of records for transmission based at least in part on the priority score; and transmitting the first set of records to the collector at a rate based at least in part on a value of the first pulse from the collector.”
As to the art of record, Martini reference discloses the concept of claim limitation of managing of network security service of a hybrid cloud computing network. However, Martini does not teach with respect to the entire or combination claim limitation of “receiving a trained model executable at an edge node, the trained model executable comprising: a classifier trained to generate a priority score for a plurality of record based on weightings associated a first batch of training data included in a security analysis, a second batch of training data excluded from the security analysis, and a third batch of data actually reviewed based on a user selection; receiving a first pulse from a collector; selecting a first set of records for transmission based at least in part on the priority score; and transmitting the first set of records to the collector at a rate based at least in part on a value of the first pulse from the collector.”
As to the art of record, Margel et al. reference discloses the concept of claim limitation of a system to classify the logs of the databases. However, Margel et al. does not teach with respect to the entire or combination claim limitation of “receiving a trained model executable at an edge node, the trained model executable comprising: a classifier trained to generate a priority score for a plurality of record based on weightings associated a first batch of training data included in a security analysis, a second batch of training data excluded from the security analysis, and a third batch of data actually reviewed based on a user selection; receiving a first pulse from a collector; selecting a first set of records for transmission based at least in part on the priority score; and transmitting the first set of records to the collector at a rate based at least in part on a value of the first pulse from the collector.”
As to the art of record, Bugakov et al. reference discloses the concept of claim limitation of the techniques to automatically update payment information in a computing environment. However, Bugakov et al. does not teach with respect to the entire or combination claim limitation of “receiving a trained model executable at an edge node, the trained model executable comprising: a classifier trained to generate a priority score for a plurality of record based on weightings associated a first batch of training data included in a security analysis, a second batch of training data excluded from the security analysis, and a third batch of data actually reviewed based on a user selection; receiving a first pulse from a collector;  selecting a first set of records for transmission based at least in part on the priority score; and transmitting the first set of records to the collector at a rate based at least in part on a value of the first pulse from the collector.”
As to the art of record, Dubey et al. reference discloses the concept of claim limitation of a system to analyze to prioritize event data. However, Dubey et al. does not teach with respect to the entire or combination claim limitation of “receiving a trained model executable at an edge node, the trained model executable comprising: a classifier trained to generate a priority score for a plurality of record based on weightings associated a first batch of training data included in a security analysis, a second batch of training data excluded from the security analysis, and a third batch of data actually reviewed based on a user selection; receiving a first pulse from a collector; selecting a first set of records for transmission based at least in part on the priority score; and transmitting the first set of records to the collector at a rate based at least in part on a value of the first pulse from the collector.”

The following is a statement of reasons for the indication of allowable subject matter:  
Regarding claim 19, and its respective dependents, the art of record either alone or in combination fails to particular disclose or suggest the claim limitation of “a training module adapted to: receive transmitted log information from a plurality of edge nodes; apply a rule-based algorithm to the transmitted log information to categorize a first batch of data as included in a security analysis, a second batch of data as excluded from the security analysis, and a third batch of data as actually reviewed
in the security analysis based on a user selection; train a classifier based on outcomes of the rule-based algorithm; convert the classifier to run as a trained model executable on the plurality of nodes; and transmit the trained model executable to the plurality of edge nodes; an agent associated with one of the plurality of edge nodes, the agent adapted to: receive the trained model executable; assign a priority score to a plurality of records using the trained model executable; receive a first pulse from a collector;
select a first set of records for transmission based at least in part on the priority score and on the first pulse from the collector; and transmit the first set of records to the collector.”
As to the art of record, Martini reference discloses the concept of claim limitation of managing of network security service of a hybrid cloud computing network. However, Martini does not teach with respect to the entire or combination claim limitation of “a training module adapted to: receive transmitted log information from a plurality of edge nodes; apply a rule-based algorithm to the transmitted log information to categorize a first batch of data as included in a security analysis, a second batch of data as excluded from the security analysis, and a third batch of data as actually reviewed
in the security analysis based on a user selection; train a classifier based on outcomes of the rule-based algorithm; convert the classifier to run as a trained model executable on the plurality of nodes; and transmit the trained model executable to the plurality of edge nodes; an agent associated with one of the plurality of edge nodes, the agent adapted to: receive the trained model executable; assign a priority score to a plurality of records using the trained model executable; receive a first pulse from a collector;
select a first set of records for transmission based at least in part on the priority score and on the first pulse from the collector; and transmit the first set of records to the collector.”
As to the art of record, Margel et al. reference discloses the concept of claim limitation of a system to classify the logs of the databases. However, Margel et al. does not teach with respect to the entire or combination claim limitation of “a training module adapted to: receive transmitted log information from a plurality of edge nodes; apply a rule-based algorithm to the transmitted log information to categorize a first batch of data as included in a security analysis, a second batch of data as excluded from the security analysis, and a third batch of data as actually reviewed in the security analysis based on a user selection; train a classifier based on outcomes of the rule-based algorithm; convert the classifier to run as a trained model executable on the plurality of nodes; and transmit the trained model executable to the plurality of edge nodes; an agent associated with one of the plurality of edge nodes, the agent adapted to: receive the trained model executable; assign a priority score to a plurality of records using the trained model executable; receive a first pulse from a collector;
 select a first set of records for transmission based at least in part on the priority score and on the first pulse from the collector; and transmit the first set of records to the collector.”
As to the art of record, Bugakov et al. reference discloses the concept of claim limitation of the techniques to automatically update payment information in a computing environment. However, Bugakov et al. does not teach with respect to the entire or combination claim limitation of “a training module adapted to: receive transmitted log information from a plurality of edge nodes; apply a rule-based algorithm to the transmitted log information to categorize a first batch of data as included in a security analysis, a second batch of data as excluded from the security analysis, and a third batch of data as actually reviewed in the security analysis based on a user selection; train a classifier based on outcomes of the rule-based algorithm; convert the classifier to run as a trained model executable on the plurality of nodes; and transmit the trained model executable to the plurality of edge nodes; an agent associated with one of the plurality of edge nodes, the agent adapted to: receive the trained model executable; assign a priority score to a plurality of records using the trained model executable; receive a first pulse from a collector;
select a first set of records for transmission based at least in part on the priority score and on the first pulse from the collector; and transmit the first set of records to the collector.”
As to the art of record, Dubey et al. reference discloses the concept of claim limitation of a system to analyze to prioritize event data. However, Dubey et al. does not teach with respect to the entire or combination claim limitation of “receiving a trained model executable at an edge node, the trained model executable comprising: a classifier trained to generate a priority score for a plurality of record based on weightings associated a first batch of training data included in a security analysis, a second batch of training data excluded from the security analysis, and a third batch of data actually reviewed based on a user selection; receiving a first pulse from a collector; selecting a first set of records for transmission based at least in part on the priority score; and transmitting the first set of records to the collector at a rate based at least in part on a value of the first pulse from the collector.” 
Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CAI Y CHEN whose telephone number is (571)270-5679. The examiner can normally be reached 8:30 AM -4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Pendleton can be reached on 571-272-7527. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CAI Y CHEN/               Primary Examiner, Art Unit 2425