DETAILED ACTION 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Terminal Disclaimer
The terminal disclaimer filed on 08/30/2022 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of U.S. Patent 10,268,821 and U.S. PG Publications 16/278991, 17187169 and 17/323860 have been reviewed and is accepted. The terminal disclaimers have been recorded. 

	Response to Amendments

This action is in response to the communications and remarks filed on 06/17/2022. Claims 3 and 13 have been canceled. Claims 1-2 and 4-12 have been amended. The following claims 1-2, 4, 6, 9, 11-12, 14, 16, and 19 have been examined and are pending.
Response to Arguments
Applicant's response, see pages 10-14, filed 06/17/2022, regarding the 103 rejections of Claims 1-2, 4, 6, 9, 11-12, 14, 16, and 19 have been fully considered and are persuasive. Applicant incorporated allowable subject matter. 
Acknowledgement to applicant’s amendment to claims 1-2, 4, 11-12, and 14 have been noted. The claim has been reviewed, entered and found obviating to previously raised objection for minor informalities. Objection to the claims 1-2, 4, 11-12, and 14 is hereby withdrawn.
Acknowledgement of Applicant's response to obviousness-type double patenting and is further noted as set forth in the Non-Final Office Action mailed 01/26/2022. Examiner withdraws the Double Patenting rejection.
Acknowledgement to applicant's amendment and response to claims 1-2, 5-6, 11-12, and 15-16 have been noted. The claim has been reviewed, entered and found obviating to previously raised rejection under 35 USC 112 2nd. Rejection under 35 USC 112 2nd to claims 1-2, 5-6, 11-12, and 15-16 is hereby withdrawn.
Examiner' s Amendments
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given via telephone from Mr. Thomas S. Ferrill (Reg. No. 42,532) on 08/10/2022. The application has been amended as follows:
Please replace claim 1 with:
1. (Currently Amended) A cyber security appliance comprising:
one or more memories; and
one or more processors operatively coupled to the one or more memories and configured to:
utilize probes to interact with entities in a cloud infrastructure environment reliant on packet transmission, whether by [[API]] application programming interface (API) interaction, accessing logging tools, observing virtualized network traffic, and/or making requests, and that use the probes to feed information about changes in the cloud infrastructure environment back to the cyber-security appliance;
use the information about changes in the cloud infrastructure environment fed from the probes, and use one or more machine learning models that are trained on a normal behavior of at least a first entity associated with the cloud infrastructure environment; and thus, are able to indicate when a behavior of the first entity fall outside of a normal pattern of life, where the changes in the cloud infrastructure environment incudes at least information 
pertaining to server access, data access, timings of events, credentials usage, and [[DNS]] Domain Name System (DNS) requests, and where normal behavior is determined based at least in part on historical data;
use one or more machine learning models trained on cyber threats in the cloud infrastructure environment and examine at least the behaviors of the first entity falling outside of the normal pattern of life to determine ‘what is a likelihood of ‘a chain of unusual behaviors under analysis that fall outside of the normal behavior’ is a cyber threat; and 
cause one or more actions to be taken to counter the cyber threat, identified by the cyber security appliance within an organization’s portion of the cloud infrastructure environment when a cyber-threat risk parameter is indicative of a likelihood of a cyber-threat is equal to or above an actionable threshold, where the one or more actions taken are caused automatically 
by the cyber security appliance rather than a human taking an action where the cyber security appliance further comprises a user interface to display and allow a viewer of the user interface on a display screen to contextualize Cloud and [[SaaS]] Software as a Service (SaaS) events in light of network traffic from the probes on the same user 
interface, where the user interface is configured to be able to pivot between SaaS metrics and Cloud metrics to link those events and better understand at least the first entity’s behavior by considering the SaaS metrics and events as well as the cloud metrics and events as an interconnected 
whole rather than separate realms.
Please replace claim 2 with:
2. (Currently Amended) The apparatus of claim 1, where the cyber security appliance is further configured to use the information about changes in the cloud infrastructure environment from the probes and then contextualize 1) this information with ii) physical network traffic information and, [[if]] when any exists, iii) behavior of the first entity outside the cloud infrastructure environment from the probes, to analyze what is the likelihood the chain of unusual behaviors under analysis that fall outside of  the normal behavior [[being]] is malicious activity; and thus, is the cyber threat.
Please replace claim 12 with:
12. (Currently Amended) The method of claim 11, where the cyber threat module is further configured to use the information about changes in the cloud infrastructure environment from the probes and then contextualize i) this information with ii) network traffic information and, [[if]] when any exists, iii) behavior of the given entity outside the cloud infrastructure environment from the probes, to analyze what is the likelihood the chain of unusual behaviors under analysis that fall outside of [[being]] the normal behavior malicious activity; and thus, is the cyber threat.
Please replace claim 14 with:
14. (Currently Amended) The method of claim 11, where the one or more machine learning models trained on the cloud system examine at least the behaviors of the entities of devices, containers, users, and traffic patterns falling outside of the normal pattern of life and what is the likelihood of the chain of unusual behaviors from these devices, containers, users, and traffic patterns that fall outside of [[being]] the normal behavior correspond to a malicious behavior associated with the cyber threat, where the models trained on the cloud system use unsupervised machine learning and Artificial Intelligence algorithms to understand and spot the normal behavior and deviations that fall outside of [[being]] the normal behavior.
Examiner’s Comments
Applicant's amendments and arguments see pages 13-14, filed 06/17/2022 of remarks have been fully considered and are persuasive. In response to Applicant's response regarding the amended independent claims 1 and 11 after a complete search of the entire relevant prior art the examiner has determined the claims are in condition for allowance. The previous 103 rejections of claims 1-2, 4, 6, 9, 11-12, 14, 16, and 19 have been withdrawn.
The claims are now in condition for allowance.
Allowable Subject Matter
Claims 1-2, 4-12, and 14-20 are allowed.
This communication warrants No Examiner's Reason for Allowance, applicant's reply make evident the reasons for allowance, satisfying the “record as a whole” provision of the rule 37 CFR 1.104(e). Specifically, the substance of Applicant’s amendments, submittal/approval of terminal disclaimers and responses filed on 06/17/2022 are persuasive, as such the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).
None of the prior art of record, including the references cited in the Applicant's Information Disclosure Statement either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH W TAYLOR whose telephone number is (571)270-0682.  The examiner can normally be reached on Monday-Friday, 9:45-5:45.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Sakinah White Taylor/Primary Examiner, Art Unit 2497