DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 are pending.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-20 is/are rejected under 35 U.S.C. 102(a)(1) as being unpatentable over Zhang (US Pub. No. 2018/0144138 A1).
In respect to Claim 1, Zhang teaches:
a method comprising: retrieving, from a graph database, first data representing a first entity in a computing environment, (Zhang teaches [0012] utilization of a graph database, wherein data regarding entities can be retrieved.) a second entity in the computing environment, and an event associated with the first entity and the second entity, (Zhang teaches [0012] multiple entities within the graph database with actions associated with each entity, wherein these actions are indicative of events associated with the entities.)
wherein the first entity and the second entity are stored in the graph database as properties of a first vertex and a second vertex, respectively, and wherein the event is stored in the graph database as a property of an edge between the first vertex and the second vertex; (Zhang teaches [0012] entities within the graph database which are linked via edges in the database, whereas the entities indicated vertexes in the graph database.)
predicting, according to a risk indicator model, a risk associated with the first entity based at least in part on the event; (Zhang teaches [0012] ranking of risk, wherein the ranking of risk is a prediction of risk.)
and updating the graph database to include second data representing the risk and a risk indicator, wherein the risk indicator is stored in the graph database as a property of a third vertex, and wherein the risk is stored in the graph database as a property of an edge between the first vertex and the third vertex (Zhang teaches [0013] a risk ranking tool which serves as a risk indicator within the graph database.)
As per Claim 2, Zhang teaches:
generating an alert based at least in part on the risk; retrieving, from the graph database, information associated with the alert; (Zhang teaches [0012] an alert based on risk.)
evaluating the information against at least one policy associated with the first entity to determine whether the information satisfies at least one condition in the at least one policy; and causing, in response to determining that the information satisfies the at least one condition, an action to occur with respect to the first entity (Zhang teaches [0012] initiation of security actions [0044] based on risk factors.)


As per Claim 3, Zhang teaches:
assigning, according to an entity risk scoring model, a risk score to the first entity based at least in part on the event and the risk, wherein the at least one condition is based at least in part on the risk score (Zhang [0003]
As per Claim 4, Zhang teaches:
updating the graph database to include third data representing the risk score, wherein the risk score is stored in the graph database as an additional property of the edge between the first vertex and the third vertex (Zhang teaches [0012] entities within the graph database which are linked via edges in the database, whereas the entities indicated vertexes in the graph database.)
As per Claim 5, Zhang teaches:
preprocessing at least one of the first data and/or the second data to produce enriched data, wherein the risk is predicted based at least in part on the enriched data; and updating the graph database to include the enriched data, wherein the enriched data is stored in the graph database as one or more additional properties of the first vertex and/or the edge between the first vertex and the third vertex (Zhang teaches [0012] entities within the graph database which are linked via edges in the database, whereas the entities indicated vertexes in the graph database.)
As per Claim 6, Zhang teaches:
receiving an additional event associated with the first entity and the second entity; (Zhang teaches [0012] multiple entities within the graph database with actions associated with each entity, wherein these actions are indicative of events associated with the entities.)
predicting, according to the risk indicator model, an additional risk associated with the first entity based at least in part on the additional event; (Zhang teaches [0012] ranking of risk, wherein the ranking of risk is a prediction of risk.)
and updating the graph database to include third data representing the additional risk, wherein the additional risk is stored in the graph database as an additional property of the edge between the first vertex and the third vertex (Zhang teaches [0012] entities within the graph database which are linked via edges in the database, whereas the entities indicated vertexes in the graph database.)
As per Claim 7, Zhang teaches:
generating an additional alert based at least in part on the additional risk; retrieving, from the graph database, information associated with the additional alert; (Zhang teaches [0012] an alert based on risk.)
evaluating the information against at least one policy associated with the first entity to determine whether the information satisfies at least one condition in the at least one policy; and causing, in response to determining that the information satisfies the at least one condition, an additional action to occur with respect to the first entity (Zhang teaches [0012] initiation of security actions [0044] based on risk factors.)

Claims 8-14 are the media claims corresponding to method claims 1-7 respectively, therefore are rejected for the same reasons noted previously.

Claims 15-20 are the system claims corresponding to method claims 1-4 & 6-7 respectively, therefore are rejected for the same reasons noted previously.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA BULLOCK whose telephone number is (571)270-1395. The examiner can normally be reached 8:00 am - 4:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alford Kindred can be reached on 571-272-4037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JOSHUA BULLOCK/
Primary Examiner, Art Unit 2153
September 23, 2022