DETAILED ACTION
Claims 1-20 are pending for Examination. Claims 1, 10, and 14 are independent claims.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner’s Note on Formality
Claims 10 and 14 each use the word “siphon” uncommonly seen in the field of computer art. Specifically, claim 10 recites “an AI engine that:  siphons first cyberthreats detected by a first vendor tool; siphons second cyberthreats detected by a second vendor tool.” Claim 14 recites “siphon first cyberthreats detected by a first vendor tool.”  Applicant is advised to use another word for “siphon” for clarity.

Election/Restrictions
Restriction to one of the following inventions is required under 35 U.S.C. 121:
Group I: claims 1-9 are drawn to a method of using machine learning techniques for determining that the first cyberthreat and the second cyberthreat correspond to a known cyberthreat so that allocation of computing resources may be prioritized to neutralize the known cyberthreat.  Group I is mainly for the application of machine learning techniques for detection and classification of cyberthreat, thus classified in CPC G06F21/56.
Group II: claims 10-13 are drawn to a system of using an AI engine and a translation engine to analyze cyberthreats over a predetermined time period by using a threshold number of known cyberthreats for removing at least one of the first vendor tool or the second vendor tool from the target device. Therefore, this group is classified in G06F11/3419 of CPC.
Group III: claims 14-20 are drawn to a broadly defined AI system that detects duplicate cyberthreats wherein the first cyberthreats is used as a reference when it comprises a known cyberthreat associated with the target device.  When the second cyberthreats is detected in analysis to comprise the known cyberthreat, both the first vendor tool and the second vendor tools are flagged as duplicate cyberthreats.  This method of detecting and flagging duplicate threats for threat mitigation is classified in H04L63/20 of CPC.
The inventions are distinct, each from the other because of the following reasons:
Inventions I and II and III are related as subcombinations disclosed as usable together in a single combination. The subcombinations are distinct if they do not overlap in scope and are not obvious variants, and if it is shown that at least one subcombination are separately usable. 
In the instant case, Invention group I is mainly directed to a method of using machine learning techniques for determining multiple cyberthreats based on a known cyberthreat for mitigation.  The entire process does not necessarily involve the step for cyberthreat analysis over a predetermined time period nor a threshold number of known cyberthreats as see in Group II.  See MPEP § 806.05(d).  Invention Group III is different from invention Groups I and II, because it is mainly about detecting and flagging the first vendor tool and the second vendor tools as duplicate cyberthreats.  Therefore, the identified Group I, Group II, and Group III are distinct from each other.
Restriction for examination purposes as indicated is proper because all these inventions listed in this action are independent or distinct for the reasons given above and there would be a serious search and examination burden if restriction were not required because one or more of the following reasons apply:
(a) the inventions have acquired a separate status in the art in view of their different classification;
(b) the inventions have acquired a separate status in the art due to their recognized divergent subject matter;
(c) the inventions require a different field of search (for example, searching different classes/subclasses or electronic resources, or employing different search queries); 
(d) the prior art applicable to one invention would not likely be applicable to another invention;
(e) the inventions are likely to raise different non-prior art issues under 35 U.S.C. 101 and/or 35 U.S.C. 112, first paragraph. 

The election of an invention may be made with or without traverse. 
To reserve a right to petition, the election must be made with traverse. If the reply does not distinctly and specifically point out supposed errors in the restriction requirement, the election shall be treated as an election without traverse. Traversal must be presented at the time of election in order to be considered timely. Failure to timely traverse the requirement will result in the loss of right to petition under 37 CFR 1.144. If claims are added after the election, applicant must indicate which of these claims are readable upon the elected invention.
Applicant is reminded that upon the cancellation of claims to a non-elected invention, the inventorship must be amended in compliance with 37 CFR 1.48(b) if one or more of the currently named inventors in no longer an inventor of at least one claim remaining in the application. Any amendment of inventorship must be accompanied by a petition under 37 CFR 1.48(b) and by the fee required under 37 CFR 1.17(1).
Should applicant traverse on the ground that the inventions are not patentably distinct, applicant should submit evidence or identify such evidence now of record, showing the inventions to be obvious variants or clearly admit on the record that this is the case. In either instance, if the examiner finds one of the inventions unpatentable over the prior art, the evidence or admission may be used in a rejection under 35 U.S.C. 103 or pre-AIA  35 U.S.C. 103(a) of the other invention.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DON ZHAO whose telephone number is (571)272-9953.  The examiner can normally be reached on Monday ~ Friday, 7:30 A.M ~ 5:00 P.M EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DON G ZHAO/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        09/09/2022