DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Allowable Subject Matter
Claims 1-25 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:  
Regarding claims 1, 15, and 24, and their respective dependents, the art of record, either alone or in combination, fails to particularly disclose or suggest the concept of the claim limitation “determining that an event type of an event log of a security information and event management (SIEM) cannot be identified;
generating a vectorized log using a cleaned, tokenized, and padded version of the event log;
generating a classification for the vectorized log using a deep learning classification model that is trained to identify a potential event type for the event log based on deep learning training using a plurality of parsed logs; determining that a confidence level of the classification meets a predetermined threshold; and parsing the event log based on the classification.”
As to the art of record, the Givental et al. reference discloses the concept of using hybrid machine learning to detect anomalies. However, Givental et al. does not teach the entire claim limitation, or the combination, of “determining that an event type of an event log of a security information and event management (SIEM) cannot be identified; generating a vectorized log using a cleaned, tokenized, and padded version of the event log; generating a classification for the vectorized log using a deep learning classification model that is trained to identify a potential event type for the event log based on deep learning training using a plurality of parsed logs; determining that a confidence level of the classification meets a predetermined threshold; and parsing the event log based on the classification.”
As to the art of record, the Soeder et al. reference discloses the concept of automatic parsing and identification of textual data. However, Soeder et al. does not teach the entire claim limitation, or the combination, of “determining that an event type of an event log of a security information and event management (SIEM) cannot be identified; generating a vectorized log using a cleaned, tokenized, and padded version of the event log; generating a classification for the vectorized log using a deep learning classification model that is trained to identify a potential event type for the event log based on deep learning training using a plurality of parsed logs; determining that a confidence level of the classification meets a predetermined threshold; and parsing the event log based on the classification.”
As to the art of record, the Kraus et al. reference discloses the concept of dynamic cybersecurity detection of sequence anomalies. However, Kraus et al. does not teach the entire claim limitation, or the combination, of “determining that an event type of an event log of a security information and event management (SIEM) cannot be identified; generating a vectorized log using a cleaned, tokenized, and padded version of the event log; generating a classification for the vectorized log using a deep learning classification model that is trained to identify a potential event type for the event log based on deep learning training using a plurality of parsed logs; determining that a confidence level of the classification meets a predetermined threshold; and parsing the event log based on the classification.”
Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CAI Y CHEN whose telephone number is (571) 270-5679. The examiner can normally be reached 8:30 AM - 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Pendleton, can be reached at 571-272-7527. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CAI Y CHEN/Primary Examiner, Art Unit 2425