Security alert prioritization for cloud-based resources

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 4/05/20 has been entered. Information Disclosure Statement The information disclosure statement (IDS) submitted on 3/31/2026 was filed after the mailing date of the Advisory Action on 3/25/2026. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Status of Claims Claims 1, 14 and 15 were amended on 3/12/2026 and claims 1 – 15 are pending. Response to Amendment Claim Rejections - 35 USC § 102 Amendment to Claims 1, 14 and 15 does not overcame 35USC102 rejection and the prior art rejection has been maintained. Response to Arguments For clarity, Examiner notes that 35 USC 112 rejection on claim 6-11 was withdrawn in the Advisory Action dated 3/25/2026. Amendment to claims 1, 14 and 15 does not overcome the prior art rejection and Examiner maintains 35 USC 102 rejection under the cited prior art Hecht et al. (US Patent 11,140,194). Applicant remarks independent claims 1, 14 and 15 have been amended limitations “identifying a plurality of attack paths traversing the cloud-based resources, each attack path comprising an ordered sequence of a subset of the cloud-based resources that a malicious actor can traverse to gain unauthorized access to a service provided by the cloud computing system” does not disclosed in the cited prior art. Examiner directs Hecht for disclosed techniques to identifying a plurality of cloud-based environment for a plurality of computing environments, a security-sensitive status corresponding to cloud-based environment and identifying security-sensitivity status gap that includes identifying frequency of attacks and security threats. Generated security status report and alerts, including security-sensitivity status score and transmit/display the report to another security platform. Additionally, Hecht discloses prioritizing cloud-based resources by identifying the highest risk factors to be prioritized on the security-sensitivity status scores, as already detailed in the previous office action. In addition, Hecht discloses a malicious user could cause harm by gaining access to potential avenues of attack the target resource such as trusted cloud platform resources, cloud-based assets. Therefore, Examiner maintains the prior art rejection. Dependent Claims 2 – 13 are rejected by the virtue of their dependencies on the rejected claim 1 as detailed above. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1 – 15 are rejected under 35 U.S.C. 102 (a) as being anticipated by Hecht et al. US Patent number 11,140,194. As per claims 1, 14 and 15, Hecht teaches “receiving security alerts pertaining to cloud-based resources of the cloud-computing system (Fig. 1, 2; and the associated text; Cloud computing environment 102; security report and alerts); identifying a plurality of attack paths traversing the cloud-based resources, each attach path comprising an ordered sequence of subset of the cloud-based resources that a malicious actor can traverse to gain unauthorized access to a service provided by the cloud computing system (Background; Fig. 1, 2; and the associated text; frequency of attacks; identifying and reviewing historic and existing attacks; identifying the potential avenues of attack from a malicious entity; resources, security risk and order of security measures implemented for each of the cloud-based resources); computing respective impact scores for the cloud-based resources based on respective counts of the identified attack paths traversing each of the cloud-based resources (Fig. 1, 2; and the associated text; frequency of attacks; identifying and reviewing historic and existing attacks); and prioritizing the security alerts responsively to the respective impact scores of the cloud-based resources to which the security alerts pertain” ( Summary; priority list; prioritizing security gap, taking remedial actions; Fig. 1- 8, distributed resources, security server 105; permission types for the resources; security threats). As per claim 2, Hecht further discloses the teaching of claim 1, “wherein the security alerts have respective severity levels, and further comprising computing a resource severity score for each given cloud-based resource based on is respective impact score and the severity levels of the security alerts pertaining to the given cloud-based resource, and prioritizing the security alerts responsively to the respective resource severity scores of the cloud-based resources to which the security alerts pertain” (Fig.2 and 5; and the associated text; score corresponding to the severity of risk, attack damage, security report/alert/score report). As per claim 3, Hecht further discloses the teaching of claim 2, “wherein the severity levels range from low severity to high severity, and wherein computing the resource severity scores comprise applying exponential scaling factors to the severity levels so as to prioritize the security alerts having high severity” (Fig.2, 5; and the associated text; severity of risk; highest score addressing first; prioritization for efficiency). As per claim 4, Hecht further discloses the teaching of claim 2, “wherein the security alerts have respective times, and wherein computing the resource severity score for each given cloud-based resource is based on the respective times of the security alerts pertaining to the given cloud-based resource” (Fig.2, 5; and the associated text). As per claim 5, Hecht further discloses the teaching of claims 1, 2 and 4, "wherein the respective times comprise first times, wherein the resource severity scores are computed at respective second times subsequent to the first times, and further comprising computing, for each given security alert pertaining to one of the cloud based resources, a respective time decay factor based on a difference between its respective first time and the second time for the resource severity score for the one of the cloud-based resources, and computing the resource severity score for each given cloud-based resource based on the respective time decay factors of the security alerts pertaining to the given cloud-based resource" (Fig.2, 5; and the associated text). As per claim 6, Hecht further discloses the teaching of claim 2, "grouping the cloud- based resources based on a grouping parameter, assigning risk levels to the cloud-based resources based on specified score ranges for the grouping parameter, and wherein prioritizing the security alerts responsively to the respective resource severity scores of the cloud-based resources to which the security alerts pertain comprises prioritizing the security alerts responsively to the respective assigned risk levels for the cloud-based resources to security alerts pertain" (Fig.5; and the associated text; including usage of threshold value in performing the risk and severity of attacks/assessment). As per claim 7, Hecht further discloses the teaching of claims 1, 2 and 6, "wherein a given grouping parameter comprises all the cloud-based resources" (Background of the Invention; Column 7 lines 3 - 6). As per claim 8, Hecht further discloses the teaching of claims 1, 2 and 6, "wherein the received security alerts were conveyed by one of more software applications executing in the cloud computing system, and wherein a given grouping parameter comprises a given software application" (Column 11 lines 5 - 10 and 25 - 30). As per claim 9, Hecht further discloses the teaching of claims 1, 2 and 6, "wherein the cloud-based resources have respective resource types, and wherein a given grouping parameter comprises a given resource type" (Column 11 lines 38 - 47). As per claim 10, Hecht further discloses the teaching of claims 1, 2 and 6, "wherein the cloud-based resources have respective resource groupings, and wherein a given grouping parameter comprises a given resource group" (Column 10 lines 48 - 62 and Column 11 lines 38 - 47). As per claim 11, Hecht further discloses the teaching of claims 1, 2 and 6, "wherein the cloud-based resources have respective build types, and wherein a given grouping parameter comprises a given build type" (Column 10 lines 48 - 62). As per claim 12, Hecht further discloses the teaching of claim 1, “wherein a given attack path comprises an ordered sequence of a subset of the cloud- based resources that exposes a service provided by the cloud computing system” (Detailed Description of invention; Fig. 5; Column 15 lines 49 – 56). As per claim 13, Hecht further discloses the teaching of claim 1, “wherein the cloud-based resources comprise respective configuration settings, and wherein a given security alert pertaining to a given cloud- based resource indicates the configuration settings for the given cloud-based resource do not comply with a specified configuration policy” (Summary and description of several embodiments; Column 4 lines 55 – 61; Column 13 lines 27 – 36). Conclusion Examiner reached out to the Attorney on record David Katz at 248-675-8277 to offer help improving the claims with the subject matter that is disclosed in the instant specification in order to claim the instant invention in its entirety, Attorney declined any Examiner’s amendment. Examiner has addressed the relevant paragraphs from the instant specification in support for further improvement and to overcome the cited prior art (See also, PTO 892). Examiner suggests clarifying “protecting a cloud computing system” with the subject matter that is disclosed in para [0028 – 0029]. Though paragraphs [0099-0101 and [0120] provides support for the amended limitation “a malicious actor can traverse to gain unauthorized access to a service provided by the cloud computing system”, the claims do not clarify the method of “protecting a cloud computing system” which is disclosed in paragraph [0028 – 0029], “The security alerts can be prioritized responsively to the respective impact scores of the cloud-based resources, and the security alerts can analyze to identify security violations for a given cloud-based resource that, when rectified, can break multiple attack paths”. Amending Claim 6 which recites, in part, “assigning risk levels to the cloud-based resources based on specified score ranges for the grouping parameter, and wherein prioritizing the security alerts responsively to the respective resource severity scores of the cloud-based resources to which the security alerts pertain comprises prioritizing the security alerts responsively to the respective assigned risk levels for the cloud-based resources” with the suggested subject matter from the instant specification differentiates the instant claims. Any inquiry concerning this communication or earlier communications from the examiner should be directed to PRAMILA PARTHASARATHY whose telephone number is (571)272-3866. The examiner can normally be reached Mon-Fri: 7AM - 2PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached at (571)270-3618. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /PRAMILA PARTHASARATHY/ Primary Examiner, Art Unit 2409