DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-3, 11-13, and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Apostolopoulos (US 2019/0124104 A1).
Regarding claims 1, 11, and 20, Apostolopoulos discloses a computer-implemented method (Fig. 18), comprising: 
accessing information (Fig. 18, blocks 1810-1830, receive event data, acquire event relationship graph for each event, and acquire anomaly data indicative of security related anomalies detected for event data) for a knowledge graph (Fig. 16), the knowledge graph having nodes (Fig. 16, U1-U11, IP1-IP7, and I1-I4) and edges of a network (Fig. 16, connections between U1-U11, IP1-IP7, and I1-I4.  Herein, edges are connections, see 62nd paragraph of the specification) and having information regarding one or more security incidents in the network (Fig. 16 includes indicators of anomalies and threats); 
grouping together related entities from the knowledge graph (Fig. 23), where the related entities that are grouped together are determined by types of the entities (238th paragraph, entities associated with the activities can be grouped into smaller time units), and also by one or more threats impacting the entities (239th paragraph, threats can be detected based on the risk score of group of linked entities), wherein the one or more threats correspond to the one or more security incidents (Fig. 18, threat is derived from anomalies or incidents); 
arranging the grouped related entities in visualization data in order that the visualization data are configured to provide a visualization of the knowledge graph with the grouped related entities and any corresponding threats impacting the grouped related entities (Figs. 11, 16, and 23); and
 outputting the visualization data (Fig. 23).

Regarding claims 2 and 12, Apostolopoulos discloses wherein the types of the entities comprise one or more of the following: one or more assets in the network (Fig. 16); one or more external connections from the one or more assets to the one or more threats (Fig. 16); and the one or more threats that correspond to assets via the one or more external connections (Fig. 16).  

Regarding claims 3 and 13, Apostolopoulos discloses that wherein the types of entities further comprise one or more security alert sources (Fig. 16 and 212th paragraph, I1 through I4 represent anomaly nodes).

Allowable Subject Matter
Claims 4-10 and 14-19 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.

Response to Arguments
Applicant's arguments filed October 13, 2022 have been fully considered but they are not persuasive. 
Applicant argues in page 12 that Apostolopoulos does not disclose output visualization data of a knowledge graph with grouped related entities and corresponding threats.  Examiner respectfully disagrees.  Apostolopoulos discloses detecting anomalies, identifying threat indicators, and identifying threats (Fig. 11).  Apostolopoulos discloses a relationship graph showing groups and components having affected threats (Figs. 16 and 23).  Herein, the contents shown in Figs. 11, 16, and 23 of Apostolopoulos are visualization data. 
Applicant argues in page 13 that composite relationship graph is not visualization data.  Examiner respectfully disagrees.  Independent claim 1 does not disclose or specifically define what the visualization data is.
Applicant argues in page 15 that the visualization data is illustrated in Applicant’s Fig. 2.  However, the assets, external connections, links, windows, views, etc… illustrated in Fig. 2 are not part of the claimed invention.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANH VU H LY whose telephone number is (571)272-3175. The examiner can normally be reached M-F 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hassan Kizou can be reached on 571-272-3088. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

ANH VU H. LY
Primary Examiner
Art Unit 2472



/ANH VU H LY/Primary Examiner, Art Unit 2472