Prosecution Insights
Last updated: April 19, 2026
Application No. 18/508,086

ATTACK PATH DISCOVERY ENGINE IN A SECURITY MANAGEMENT SYSTEM

Final Rejection (§102, §103)
Filed: Nov 13, 2023
Examiner: NAJI, YOUNES
Art Unit: 2445
Tech Center: 2400 (Computer Networks)
Assignee: Microsoft Technology Licensing, LLC
OA Round: 2 (Final)

Grant Probability: 75% (Favorable)
Expected OA Rounds: 3-4
Expected Time to Grant: 3y 1m
Grant Probability With Interview: 99%

Examiner Intelligence

Career Allow Rate: 75% (327 granted / 437 resolved), above average, +16.8% vs Tech Center average
Interview Lift: +72.8% (resolved cases with interview vs. without), a strong lift
Avg Prosecution (typical timeline): 3y 1m
Currently Pending: 51
Total Applications (career history, across all art units): 488

Statute-Specific Performance

Statute   Examiner   vs TC avg
§101      8.4%       -31.6%
§103      49.9%      +9.9%
§102      14.9%      -25.1%
§112      17.9%      -22.1%

TC avg = Tech Center average estimate. Based on career data from 437 resolved cases.

Office Action

§102 §103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This office action is in response to Applicant's communication filed on 10/29/2025. Claims 1-20 have been examined.

Response to Arguments

Applicant's arguments with respect to claims 1, 11, 16 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. With regard to the 112 2nd rejection, Applicant's amendment overcomes the rejection. Therefore, the rejection is withdrawn.

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-4, 10, 16-18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Brown et al., Publication No. US 2023/0328094 A1 (Brown hereinafter).

Regarding claim 1, Brown teaches a computerized system comprising: one or more computer processors; and computer memory storing computer-useable instructions that, when used by the one or more computer processors, cause the one or more computer processors to perform operations (Fig. 4), the operations comprising: accessing an attack path discovery computation model, wherein the attack path discovery computation model supports automatically discovering attack paths for computing environments associated with computing environment graphs, wherein the attack path discovery computation model is associated with an attack path discovery template that supports discovering the attack paths (¶ 0041 – ¶ 0042 - disclosed herein are embodiments for a comprehensive risk management system, referred to herein as GRAVITAS, for IoT/CPS that can identify undiscovered attack vectors and optimize the placement of defenses within the system for optimal performance and cost. While existing risk management systems consider only known attacks, embodiments of the disclosed model employ a graphical approach to extrapolate undiscovered exploits, enabling identification of attacks overlooked by manual penetration testing (pen-testing). The model is flexible enough to analyze practically any IoT/CPS and provide the system administrator with a concrete list of suggested defenses that can reduce system vulnerability at optimal cost. GRAVITAS can be employed by governments, companies, and system administrators to configure secure IoT/CPS at scale, providing a quantitative measure of security and efficiency in a world where IoT/CPS devices will soon be ubiquitous - With an IoT/CPS configuration and threat model as input, and a list of the most cost-effective defenses as output, GRAVITAS presents a security model that allows the system administrator to discover new attack vectors and proactively configure secure IoT/CPS both pre- and post-deployment – ¶ 0021 - FIG. 6 depicts a table of exploit goals in a master attack graph template according to an embodiment of the present invention – See also ¶ 0089, ¶ 0091), the attack path discovery template comprising:

an entry point element that defines a starting node where an attacker gains initial access (¶ 0070 - A: The nodes at which an adversary can access the system. These "entry nodes" are the starting points for any attack. They are also vulnerabilities (A ⊂ N));

an advancement step element that defines a conditional operation that enables attacker movement between nodes based on an authenticated connection or a privilege escalation condition (¶ 0063 - series of steps that begins at an "entry point" (a root node) and ends at a "goal" (a leaf node). The SHARKS attack graph, shown in FIG. 2, was created by deconstructing 41 known attacks on IoT/CPS into a series of steps represented by a vulnerability node chain (an exploit), and subsequently merging every node chain into a single directed acyclic graph (DAG). This graph makes no distinctions between network-level, hardware-level, or software-level nodes: what matters is the procedure that brings attackers to their desired destination – ¶ 0099 – ¶ 0101 - Permission Subgraphs: GRAVITAS allows the system administrator to specify permissions for every device. Unlike other attack graph models, the access permissions are each represented by a separate copy of a subgraph - Two different types of permissions are modeled: login permissions and execute command permissions. With a login permission, a user with the correct credentials can execute any (permitted) command on the system – See also Claims 34-35, ¶ 0068);

a target element that defines an endpoint node representing a critical computing asset identified by a condition indicating sensitive or high-value (¶ 0071 - The leaf nodes of the graph. These represent the completion of an attack (L ⊂ N). These "exploit goals" represent the end goal of an adversary's attack, such as "Disable device" or "DoS attack," as nonlimiting examples – ¶ 0072 - P: The set of nodes that constitute a complete attack vector. Each exploit begins at an entry node and concludes at an exploit goal node. More formally, an exploit P is any ordered set of nodes in the form {a, n1, ..., nk, l} where a ∈ A, ni ∈ N, l ∈ L. The same entry node and exploit goal pair can be a part of multiple attack vectors – ¶ 0128 - In FIG. 23, it is observed that the end result of the exploit is a DoS attack on the cloud server for the Google Home device. Its origin is a malware downloaded onto a laptop, which in turn instructs the Samsung fridge to flood the Google Home server with bogus traffic, thus launching a DoS attack. GRAVITAS recognizes the importance of these vulnerabilities due to their crucial role in several attack vectors that lead to attack outcomes with high impact scores – See Fig. 24);

using the attack path discovery computation model, the attack path discovery template, and a computing environment graph for a computing environment, identifying a plurality of attack paths associated with the computing environment; and communicating the plurality of attack paths for the computing environment (¶ 0013, Claim 1 - construct an attack directed acyclic graph (DAG) unique to each CPS or IoT device of the devices, each attack DAG comprising a first plurality of nodes, each node of the first plurality representing a system-level operation of the device, a plurality of paths, each path representing an attack vector of the device, and a second plurality of nodes, each node of the second plurality representing an exploit goal of the device – ¶ 0127 - Both attacks demonstrate GRAVITAS's ability to include IoT/CPS-specific vulnerabilities in the attack graph, such as physical tampering for edge-side devices. There are numerous paths through the system available to the adversary, and GRAVITAS can find those attack vectors that are most likely to be targeted – ¶ 0041 - GRAVITAS, for IoT/CPS that can identify undiscovered attack vectors and optimize the placement of defenses within the system for optimal performance and cost. While existing risk management systems consider only known attacks, embodiments of the disclosed model employ a graphical approach to extrapolate undiscovered exploits, enabling identification of attacks overlooked by manual penetration testing (pen-testing). The model is flexible enough to analyze practically any IoT/CPS and provide the system administrator with a concrete list of suggested defenses that can reduce system vulnerability at optimal cost – ¶ 0053 - Discovers novel attack vectors – ¶ 0056 - (5) Incorporates novel attack vectors that have not yet been exploited in real-world systems – See also ¶ 0129, ¶ 0133).
Regarding claim 2, Brown further teaches wherein the attack path discovery computation model further accesses the attack path discovery template comprising the entry point element, the advancement step element, and the target element associated with corresponding conditions that are evaluated to identify the plurality of attack paths (¶ 0043 - The novelty of the proposed methodology lies in at least the following: ¶ 0044 - (1) An automated IoT/CPS-specific exploit discovery tool that includes potential vulnerabilities and attack vectors that have yet to be discovered – ¶ 0021 – ¶ 0022 - FIG. 6 depicts a table of exploit goals in a master attack graph template according to an embodiment of the present invention – ¶ 0063 - SHARKS eschews a rigid classification and models an exploit chain (attack vector) as it appears to an adversary: a series of steps that begins at an "entry point" (a root node) and ends at a "goal" (a leaf node) – ¶ 0070 - The nodes at which an adversary can access the system. These "entry nodes" are the starting points for any attack. They are also vulnerabilities (A ⊂ N) – ¶ 0071 – ¶ 0072 - The leaf nodes of the graph. These represent the completion of an attack (L ⊂ N). These "exploit goals" represent the end goal of an adversary's attack, such as "Disable device" or "DoS attack" – ¶ 0042 - These attack vectors are then assigned risk scores according to a probabilistic method that models the interaction between attack impacts and the graph's vulnerabilities – ¶ 0082 - GRAVITAS solves this issue by creating a unique attack DAG for every device in an IoT/CPS and adding additional pathways between devices based on network topology).

Regarding claim 3, Brown further teaches wherein identifying an attack path comprises: based on the entry point element, identifying an entry point in the computing environment graph; based on the advancement step element, identifying an advancement step in the computing environment graph; based on the target element, identifying a target in the computing environment graph; and generating the attack path based on the entry point, the advancement step, and the target (¶ 0063 - SHARKS eschews a rigid classification and models an exploit chain (attack vector) as it appears to an adversary: a series of steps that begins at an "entry point" (a root node) and ends at a "goal" (a leaf node) – ¶ 0089 - All device attack graphs used in GRAVITAS are derived in part from an updated version of the SHARKS graph. This master attack graph template (J) includes a subset of the original SHARKS graph, including ML-predicted edges between nodes that indicate new vulnerabilities – ¶ 0070 - The nodes at which an adversary can access the system. These "entry nodes" are the starting points for any attack – ¶ 0090 - Every graph J also contains a new set of nodes designated as exploit goals, L. The table in FIG. 6 lists the exploit goals, which collectively represent IoT/CPS exploits. In addition, certain nodes from the original SHARKS graph are designated as entry nodes, A – ¶ 0079 - The adversary reaches the desired l by starting at an entry node a and passing through other vulnerability nodes ni ∈ N. This complete path P is known as an exploit chain or attack and may involve vulnerabilities in multiple devices – ¶ 0071 - The leaf nodes of the graph. These represent the completion of an attack (L ⊂ N). These "exploit goals" represent the end goal of an adversary's attack, such as "Disable device" or "DoS attack" – ¶ 0072 - The set of nodes that constitute a complete attack vector. Each exploit begins at an entry node and concludes at an exploit goal node. More formally, an exploit P is any ordered set of nodes in the form {a, n1, ..., nk, l}).

Regarding claim 4, Brown further teaches wherein: the entry point element is associated with two or more of: an entry point title, an entry point node, an entry point insight, and an entry point condition; the advancement step element is associated with three or more of: a source node, an edge, a target node, a target node condition, an edge condition, and an action; and the target element is associated with two or more of: a target title, a target, a target insight, and a target condition (¶ 0070 - A: The nodes at which an adversary can access the system. These "entry nodes" are the starting points for any attack. They are also vulnerabilities (A ⊂ N) – Abstract - The processors are further configured to generate an aggregate attack DAG from a classification of each device and a location of each device in network topology specified by a system administrator – ¶ 0079 - The adversary reaches the desired l by starting at an entry node a and passing through other vulnerability nodes ni ∈ N – ¶ 0068 - E: The set of edges in the graph. Edges represent exploits, or pathways between vulnerabilities. Unlike in other attack graph models, edges do not have an access control parameter; each edge instead represents a possible path between vulnerabilities – ¶ 0063 - SHARKS eschews a rigid classification and models an exploit chain (attack vector) as it appears to an adversary: a series of steps that begins at an "entry point" (a root node) and ends at a "goal" (a leaf node). The SHARKS attack graph, shown in FIG. 2, was created by deconstructing 41 known attacks on IoT/CPS into a series of steps represented by a vulnerability node chain (an exploit), and subsequently merging every node chain into a single directed acyclic graph (DAG) – ¶ 0077 - Exploitability refers to the effort required by an adversary to "succeed" in an attack step, while impact refers to the damage that a successful attack can inflict on the security of the system – ¶ 0013 - Each attack DAG includes a first plurality of nodes, where each node of the first plurality represents a system-level operation of the device. Each attack DAG further includes a plurality of paths, where each path represents an attack vector of the device. Each attack DAG also includes a second plurality of nodes, where each node of the second plurality represents an exploit goal of the device – ¶ 0079 - The threat model here includes an adversary who wishes to achieve an exploit goal l with a motivation specified by its impact score. The adversary reaches the desired l by starting at an entry node a and passing through other vulnerability nodes ni ∈ N. This complete path P is known as an exploit chain or attack and may involve vulnerabilities in multiple devices).

Regarding claim 10, Brown further teaches receiving an indication to execute a remediation action associated with an attack path associated with a security visualization; and executing the remediation action (¶ 0041 - provide the system administrator with a concrete list of suggested defenses that can reduce system vulnerability at optimal cost – ¶ 0042 - GRAVITAS suggests defenses to the system using an optimization process that lowers the risk score at minimum cost. With an IoT/CPS configuration and threat model as input, and a list of the most cost-effective defenses as output, GRAVITAS presents a security model that allows the system administrator to discover new attack vectors and proactively configure secure IoT/CPS both pre- and post-deployment – See also ¶ 0012).
Regarding claim 16, Brown teaches a computer-implemented method, the method comprising: accessing an attack path discovery computation model, wherein the attack path discovery computation model supports automatically discovering attack paths for computing environments associated with computing environment graphs; accessing a computing environment graph comprising computing components of a computing environment; using the attack path discovery computation model and the computing environment graph, identifying a plurality of attack paths associated with the computing environment, wherein the attack path discovery computation model is associated with an attack path discovery template that supports discovering the attack paths (¶ 0041 – ¶ 0042 - disclosed herein are embodiments for a comprehensive risk management system, referred to herein as GRAVITAS, for IoT/CPS that can identify undiscovered attack vectors and optimize the placement of defenses within the system for optimal performance and cost. While existing risk management systems consider only known attacks, embodiments of the disclosed model employ a graphical approach to extrapolate undiscovered exploits, enabling identification of attacks overlooked by manual penetration testing (pen-testing). The model is flexible enough to analyze practically any IoT/CPS and provide the system administrator with a concrete list of suggested defenses that can reduce system vulnerability at optimal cost. GRAVITAS can be employed by governments, companies, and system administrators to configure secure IoT/CPS at scale, providing a quantitative measure of security and efficiency in a world where IoT/CPS devices will soon be ubiquitous - With an IoT/CPS configuration and threat model as input, and a list of the most cost-effective defenses as output, GRAVITAS presents a security model that allows the system administrator to discover new attack vectors and proactively configure secure IoT/CPS both pre- and post-deployment – ¶ 0021 - FIG. 6 depicts a table of exploit goals in a master attack graph template according to an embodiment of the present invention – See also ¶ 0089, ¶ 0091), the attack path discovery template comprising:

an entry point element that defines a starting node where an attacker gains initial access (¶ 0070 - A: The nodes at which an adversary can access the system. These "entry nodes" are the starting points for any attack. They are also vulnerabilities (A ⊂ N));

an advancement step element that defines a conditional operation that enables attacker movement between nodes based on an authenticated connection or a privilege escalation condition (¶ 0063 - series of steps that begins at an "entry point" (a root node) and ends at a "goal" (a leaf node). The SHARKS attack graph, shown in FIG. 2, was created by deconstructing 41 known attacks on IoT/CPS into a series of steps represented by a vulnerability node chain (an exploit), and subsequently merging every node chain into a single directed acyclic graph (DAG). This graph makes no distinctions between network-level, hardware-level, or software-level nodes: what matters is the procedure that brings attackers to their desired destination – ¶ 0099 – ¶ 0101 - Permission Subgraphs: GRAVITAS allows the system administrator to specify permissions for every device. Unlike other attack graph models, the access permissions are each represented by a separate copy of a subgraph - Two different types of permissions are modeled: login permissions and execute command permissions. With a login permission, a user with the correct credentials can execute any (permitted) command on the system – See also Claims 34-35, ¶ 0068);

a target element that defines an endpoint node representing a critical computing asset identified by a condition indicating sensitive or high-value (¶ 0071 - The leaf nodes of the graph. These represent the completion of an attack (L ⊂ N). These "exploit goals" represent the end goal of an adversary's attack, such as "Disable device" or "DoS attack," as nonlimiting examples – ¶ 0072 - P: The set of nodes that constitute a complete attack vector. Each exploit begins at an entry node and concludes at an exploit goal node. More formally, an exploit P is any ordered set of nodes in the form {a, n1, ..., nk, l} where a ∈ A, ni ∈ N, l ∈ L. The same entry node and exploit goal pair can be a part of multiple attack vectors – ¶ 0128 - In FIG. 23, it is observed that the end result of the exploit is a DoS attack on the cloud server for the Google Home device. Its origin is a malware downloaded onto a laptop, which in turn instructs the Samsung fridge to flood the Google Home server with bogus traffic, thus launching a DoS attack. GRAVITAS recognizes the importance of these vulnerabilities due to their crucial role in several attack vectors that lead to attack outcomes with high impact scores – See Fig. 24);

communicating the plurality of attack paths for the computing environment (¶ 0013, Claim 1 - construct an attack directed acyclic graph (DAG) unique to each CPS or IoT device of the devices, each attack DAG comprising a first plurality of nodes, each node of the first plurality representing a system-level operation of the device, a plurality of paths, each path representing an attack vector of the device, and a second plurality of nodes, each node of the second plurality representing an exploit goal of the device – ¶ 0127 - Both attacks demonstrate GRAVITAS's ability to include IoT/CPS-specific vulnerabilities in the attack graph, such as physical tampering for edge-side devices. There are numerous paths through the system available to the adversary, and GRAVITAS can find those attack vectors that are most likely to be targeted – ¶ 0041 - GRAVITAS, for IoT/CPS that can identify undiscovered attack vectors and optimize the placement of defenses within the system for optimal performance and cost. While existing risk management systems consider only known attacks, embodiments of the disclosed model employ a graphical approach to extrapolate undiscovered exploits, enabling identification of attacks overlooked by manual penetration testing (pen-testing). The model is flexible enough to analyze practically any IoT/CPS and provide the system administrator with a concrete list of suggested defenses that can reduce system vulnerability at optimal cost – ¶ 0053 - Discovers novel attack vectors – ¶ 0056 - (5) Incorporates novel attack vectors that have not yet been exploited in real-world systems – See also ¶ 0129, ¶ 0133).
Regarding claim 17, Brown further teaches wherein the attack path discovery computation model further accesses the attack path discovery template comprising the entry point element, the advancement step element, and the target element associated with corresponding conditions that are evaluated to identify the plurality of attack paths (¶ 0043 - The novelty of the proposed methodology lies in at least the following: ¶ 0044 - (1) An automated IoT/CPS-specific exploit discovery tool that includes potential vulnerabilities and attack vectors that have yet to be discovered – ¶ 0021 – ¶ 0022 - FIG. 6 depicts a table of exploit goals in a master attack graph template according to an embodiment of the present invention – ¶ 0063 - SHARKS eschews a rigid classification and models an exploit chain (attack vector) as it appears to an adversary: a series of steps that begins at an "entry point" (a root node) and ends at a "goal" (a leaf node) – ¶ 0070 - The nodes at which an adversary can access the system. These "entry nodes" are the starting points for any attack. They are also vulnerabilities (A ⊂ N) – ¶ 0071 – ¶ 0072 - The leaf nodes of the graph. These represent the completion of an attack (L ⊂ N). These "exploit goals" represent the end goal of an adversary's attack, such as "Disable device" or "DoS attack" – ¶ 0042 - These attack vectors are then assigned risk scores according to a probabilistic method that models the interaction between attack impacts and the graph's vulnerabilities – ¶ 0082 - GRAVITAS solves this issue by creating a unique attack DAG for every device in an IoT/CPS and adding additional pathways between devices based on network topology).

Regarding claim 18, Brown further teaches wherein identifying an attack path comprises: based on the entry point element, identifying an entry point in the computing environment graph; based on the advancement step element, identifying an advancement step in the computing environment graph; based on the target element, identifying a target in the computing environment graph; and generating the attack path based on the entry point, the advancement step, and the target (¶ 0063 - SHARKS eschews a rigid classification and models an exploit chain (attack vector) as it appears to an adversary: a series of steps that begins at an "entry point" (a root node) and ends at a "goal" (a leaf node) – ¶ 0089 - All device attack graphs used in GRAVITAS are derived in part from an updated version of the SHARKS graph. This master attack graph template (J) includes a subset of the original SHARKS graph, including ML-predicted edges between nodes that indicate new vulnerabilities – ¶ 0070 - The nodes at which an adversary can access the system. These "entry nodes" are the starting points for any attack – ¶ 0090 - Every graph J also contains a new set of nodes designated as exploit goals, L. The table in FIG. 6 lists the exploit goals, which collectively represent IoT/CPS exploits. In addition, certain nodes from the original SHARKS graph are designated as entry nodes, A – ¶ 0079 - The adversary reaches the desired l by starting at an entry node a and passing through other vulnerability nodes ni ∈ N. This complete path P is known as an exploit chain or attack and may involve vulnerabilities in multiple devices – ¶ 0071 - The leaf nodes of the graph. These represent the completion of an attack (L ⊂ N). These "exploit goals" represent the end goal of an adversary's attack, such as "Disable device" or "DoS attack" – ¶ 0072 - The set of nodes that constitute a complete attack vector. Each exploit begins at an entry node and concludes at an exploit goal node. More formally, an exploit P is any ordered set of nodes in the form {a, n1, ..., nk, l}).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5, 19 are rejected under 35 U.S.C. 103 as being unpatentable over Brown in view of Komarov et al., Publication No. US 2025/0112949 A1 (Komarov hereinafter), further in view of Soroush et al., Publication No. US 2021/0012012 A1 (Soroush hereinafter).

Regarding claim 5, Brown does not explicitly teach storing the plurality of attack paths in an attack path database, wherein the attack path database is associated with one or more security services via an attack path data Application Programming Interface (API), wherein the one or more security services access the plurality of attack paths to support executing security operations. However, Komarov teaches storing the plurality of attack paths in an attack path database, wherein the attack path database is associated with one or more security services via an interface, wherein the one or more security services access the plurality of attack paths to support executing security operations (Fig. 4 – shows a table storing a plurality of network attack paths – ¶ 0163 - The network attack path visualization 600 of this example includes at least one GUI element containing information about an attack path definition 604 to which a relational representation of the attack path conforms. For example, the attack path 602 may be identified as an attack path because portion(s) of the network attack path table 400, the network attack path resource table 410, and/or the network attack path network connection table 420 corresponding to the attack path 602 conform to the attack path definition of a publicly exposed compute instance with attached privileged role. The at least one GUI element also includes a description, impact, and remediation measures (e.g., measures that may mitigate and/or resolve the security vulnerability)). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Brown to include the teachings of Komarov. The motivation for doing so is to allow the system to mitigate and/or resolve the security vulnerability (Komarov – ¶ 0163).

Brown in view of Komarov does not explicitly teach wherein the attack path database is associated with one or more security services via an attack path data Application Programming Interface (API). Soroush teaches wherein the attack path database is associated with one or more security services via an attack path data Application Programming Interface (API), wherein the one or more security services access the plurality of attack paths to support executing security operations (¶ 0039 - based on the data ingested in the data ingestion framework, build a queryable, graph-based representation of the relationships between configuration vulnerabilities and attack scenarios, configuration parameters, and system components (modeling framework); provide an application programming interface (API) to perform a quantitative, comparative analysis of the security impact of configuration settings (reasoning framework); automatically construct a constraint satisfaction problem based on the model and utilize a Z3 SMT solver to solve for optimal parameter values (reasoning framework); and provide human-readable evidence about the optimality of the selected configuration. The modeling framework can store relationships between system components, configuration parameters, configuration predicates, and vulnerabilities in a queryable, graph-based form. The modeling framework can also provide an application programming interface (API) to quantitatively evaluate the security of different system configurations using topological vulnerability analysis (e.g., by assessing and calculating the impact of one or more attack paths). The modeling framework can be built using a graph database platform, such as Neo4j, and the modeling framework can convert all ingested information into a graphical format. The modeling framework APIs which provide security evaluation and configuration impact analysis may be implemented as a Neo4j plug-in, which can: analyze attack scenarios). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Brown in view of Komarov to include the teachings of Soroush. The motivation for doing so is to allow the system to provide an application programming interface (API) to quantitatively evaluate the security of different system configurations using topological vulnerability analysis by assessing and calculating the impact of one or more attack paths (Soroush – ¶ 0039).

Regarding claim 19, Brown does not explicitly teach storing the plurality of attack paths in an attack path database, wherein the attack path database is associated with one or more security services via an attack path data Application Programming Interface (API), wherein the one or more security services access the plurality of attack paths to support executing security operations.
However, Komarov teaches storing the plurality of attack paths in an attack path database, wherein the attack path database is associated with one or more security services via an interface, wherein the one or more security services access the plurality of attack paths to support executing security operations (Fig. 4 – shows a table storing a plurality of network attack paths – ¶ 0163 - The network attack path visualization 600 of this example includes at least one GUI element containing information about an attack path definition 604 to which a relational representation of the attack path conforms. For example, the attack path 602 may be identified as an attack path because portion(s) of the network attack path table 400, the network attack path resource table 410, and/or the network attack path network connection table 420 corresponding to the attack path 602 conform to the attack path definition of a publicly exposed compute instance with attached privileged role. The at least one GUI element also includes a description, impact, and remediation measures (e.g., measures that may mitigate and/or resolve the security vulnerability)). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Brown to include the teachings of Komarov. The motivation for doing so is to allow the system to mitigate and/or resolve the security vulnerability (Komarov – ¶ 0163).
Brown in view of Komarov does not explicitly teach wherein the attack path database is associated with one or more security services via an attack path data Application Programming Interface (API). Soroush teaches wherein the attack path database is associated with one or more security services via an attack path data Application Programming Interface (API), wherein the one or more security services access the plurality of attack paths to support executing security operations (¶ 0039 - based on the data ingested in the data ingestion framework, build a queryable, graph-based representation of the relationships between configuration vulnerabilities and attack scenarios, configuration parameters, and system components (modeling framework); provide an application programming interface (API) to perform a quantitative, comparative analysis of the security impact of configuration settings (reasoning framework); automatically construct a constraint satisfaction problem based on the model and utilize a Z3 SMT solver to solve for optimal parameter values (reasoning framework); and provide human-readable evidence about the optimality of the selected configuration. The modeling framework can store relationships between system components, configuration parameters, configuration predicates, and vulnerabilities in a queryable, graph-based form. The modeling framework can also provide an application programming interface (API) to quantitatively evaluate the security of different system configurations using topological vulnerability analysis (e.g., by assessing and calculating the impact of one or more attack paths). The modeling framework can be built using a graph database platform, such as Neo4j, and the modeling framework can convert all ingested information into a graphical format.
The modeling framework APIs which provide security evaluation and configuration impact analysis may be implemented as a Neo4j plug-in, which can: analyze attack scenarios). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Brown in view of Komarov to include the teachings of Soroush. The motivation for doing so is to allow the system to provide an application programming interface (API) to quantitatively evaluate the security of different system configurations using topological vulnerability analysis by assessing and calculating the impact of one or more attack paths (Soroush – ¶ 0039). Claims 6, 8, 9 are rejected under 35 U.S.C. 103 as being unpatentable over Brown in view of Napper et al. Publication No. US 2024/0265112 A1 (Napper hereinafter). Regarding claim 6, Brown further teaches communicating a security visualization comprising an attack path, wherein the attack path is associated with a prioritization identifier and a risk score (¶ 0082 - employing a "defense-in-depth" optimization approach that is intractable to human analysis. By giving an administrator the ability to visualize and mitigate IoT/CPS exploits before the system is deployed, GRAVITAS hopes to prevent the next Mirai-like attack before it happens – ¶ 0042 - These attack vectors are then assigned risk scores according to a probabilistic method that models the interaction between attack impacts and the graph's vulnerabilities. Using these quantitative scores as a foundation for measuring risk, GRAVITAS suggests defenses to the system using an optimization process that lowers the risk score at minimum cost – ¶ 0058 - 7) Can find "the weakest link" (most vulnerable part of the system)). However, Brown does not explicitly teach that the security visualization is a posture visualization. Napper teaches a posture visualization (¶ 0070 - FIG.
4 shows a visualization interface 400 comprising a representation of the attack path visualization 300, in accordance with one or more embodiments. Specifically, FIG. 4 illustrates an example embodiment of a security posture graph modified by one or more user visualization commands 278 indicating a view selection, a time selection, a data type selection, a region selection, and a vulnerability (e.g., risk tolerance level 222) selection. The visualization interface 400 comprises an overview of any impacted assets 320 and corresponding vulnerabilities 410, which are shown to comprise three attack vectors 192, twelve attack paths 155, six services, and four sensitive asset groups 272 or categories. In some embodiments, the visualization interface 400 may be generated based on a particular view, a particular time period (e.g., last 1 month), a data type, a region, a vulnerability, and the like – ¶ 0072 - FIG. 5 shows a visualization interface 500 comprising a representation of the attack path visualization 300, in accordance with one or more embodiments. Specifically, FIG. 5 illustrates an example embodiment of a security posture diagram modified by one or more user visualization commands 278 indicating a view selection, a time selection, a data type selection, a region selection, and a vulnerability (e.g., risk tolerance level 222) selection. The visualization interface 500 comprises an overview of any impacted assets 320 and corresponding vulnerabilities 410, which are shown to comprise twelve attack vectors 192 and thirty attack paths 155. In some embodiments, the visualization interface 400 may be generated based on a particular view, a particular time period (e.g., last 1 month), a data type, a region, a vulnerability, and the like. The visualization interface 500 may comprise twelve attack techniques 510, three attack types 530, and three severity levels 540.)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Brown to include the teachings of Napper. The motivation for doing so is to allow the system to map attack paths in a visualization interface (Napper – Abstract). Regarding claim 8, Brown further teaches generating a security [..] visualization associated with the computing environment, wherein the security [..] visualization comprises one or more attack paths; and communicating the security [..] visualization comprising the one or more attack paths (¶ 0082 - By giving an administrator the ability to visualize and mitigate IoT/CPS exploits before the system is deployed, GRAVITAS hopes to prevent the next Mirai-like attack before it happens – ¶ 0042 - With an IoT/CPS configuration and threat model as input, and a list of the most cost-effective defenses as output, GRAVITAS presents a security model that allows the system administrator to discover new attack vectors and proactively configure secure IoT/CPS both pre- and post-deployment).
However, Brown does not explicitly teach receiving a request for the security posture of the computing environment; generating a security posture visualization associated with the computing environment, wherein the security posture visualization comprises one or more attack paths; and communicating the security posture visualization comprising the one or more attack paths. Napper teaches receiving a request for the security posture of the computing environment; generating a security posture visualization associated with the computing environment, wherein the security posture visualization comprises one or more attack paths; and communicating the security posture visualization comprising the one or more attack paths (¶ 0016 - In some cases, in conjunction with determining the first attack path connecting the first vulnerable assets, the processor may obtain multiple user visualization commands from a user device and map the first attack path to the application layers and the first security parameters in the visual interface based at least in part upon the user visualization commands – ¶ 0070 - FIG. 4 shows a visualization interface comprising a representation of the attack path visualization 300, in accordance with one or more embodiments. Specifically, FIG. 4 illustrates an example embodiment of a security posture graph modified by one or more user visualization commands indicating a view selection, a time selection, a data type selection, a region selection, and a vulnerability (e.g., risk tolerance level) selection. The visualization interface comprises an overview of any impacted assets and corresponding vulnerabilities, which are shown to comprise three attack vectors, twelve attack paths, six services, and four sensitive asset groups or categories. In some embodiments, the visualization interface may be generated based on a particular view, a particular time period, a data type, a region, a vulnerability, and the like – ¶ 0072 - FIG.
5 shows a visualization interface comprising a representation of the attack path visualization 300, in accordance with one or more embodiments. Specifically, FIG. 5 illustrates an example embodiment of a security posture diagram modified by one or more user visualization commands indicating a view selection, a time selection, a data type selection, a region selection, and a vulnerability selection. The visualization interface comprises an overview of any impacted assets 320 and corresponding vulnerabilities, which are shown to comprise twelve attack vectors and thirty attack paths. In some embodiments, the visualization interface may be generated based on a particular view, a particular time period (e.g., last 1 month), a data type, a region, a vulnerability, and the like. The visualization interface 500 may comprise twelve attack techniques 510, three attack types 530, and three severity levels 540. – See ¶ 0059, ¶ 0060). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Brown to include the teachings of Napper. The motivation for doing so is to allow the system to map attack paths in a visualization interface (Napper – Abstract). Regarding claim 9, Brown further teaches receiving a security [..] visualization associated with the computing environment, wherein the security visualization is associated with one or more attack paths; and causing display of the security visualization comprising the one or more attack paths for the computing environment (¶ 0082 -
By giving an administrator the ability to visualize and mitigate IoT/CPS exploits before the system is deployed, GRAVITAS hopes to prevent the next Mirai-like attack before it happens – ¶ 0042 - With an IoT/CPS configuration and threat model as input, and a list of the most cost-effective defenses as output, GRAVITAS presents a security model that allows the system administrator to discover new attack vectors and proactively configure secure IoT/CPS both pre- and post-deployment). However, Brown does not explicitly teach the security posture visualization: communicating a request for security posture associated with a computing environment; based on the request, receiving a security posture visualization associated with the computing environment, wherein the security posture visualization is associated with one or more attack paths; and causing display of the security visualization comprising the one or more attack paths for the computing environment. Napper teaches communicating a request for security posture associated with a computing environment; based on the request, receiving a security posture visualization associated with the computing environment, wherein the security posture visualization is associated with one or more attack paths; and causing display of the security visualization comprising the one or more attack paths for the computing environment (¶ 0016 - In some cases, in conjunction with determining the first attack path connecting the first vulnerable assets, the processor may obtain multiple user visualization commands from a user device and map the first attack path to the application layers and the first security parameters in the visual interface based at least in part upon the user visualization commands – ¶ 0070 - FIG. 4 shows a visualization interface comprising a representation of the attack path visualization, in accordance with one or more embodiments. Specifically, FIG.
4 illustrates an example embodiment of a security posture graph modified by one or more user visualization commands indicating a view selection, a time selection, a data type selection, a region selection, and a vulnerability selection. The visualization interface comprises an overview of any impacted assets and corresponding vulnerabilities, which are shown to comprise three attack vectors, twelve attack paths, six services, and four sensitive asset groups or categories. In some embodiments, the visualization interface may be generated based on a particular view, a particular time period, a data type, a region, a vulnerability – ¶ 0072 - FIG. 5 shows a visualization interface comprising a representation of the attack path visualization, in accordance with one or more embodiments. Specifically, FIG. 5 illustrates an example embodiment of a security posture diagram modified by one or more user visualization commands indicating a view selection, a time selection, a data type selection, a region selection, and a vulnerability selection. The visualization interface comprises an overview of any impacted assets and corresponding vulnerabilities, which are shown to comprise twelve attack vectors and thirty attack paths. In some embodiments, the visualization interface may be generated based on a particular view, a particular time period, a data type, a region, a vulnerability, and the like. The visualization interface may comprise twelve attack techniques, three attack types, and three severity levels. – See ¶ 0059, ¶ 0060). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Brown to include the teachings of Napper. The motivation for doing so is to allow the system to map attack paths in a visualization interface (Napper – Abstract). Claims 7, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Brown in view of Neupane et al. Publication No.
US 2025/0131098 A1 (Neupane hereinafter). Regarding claim 7, Brown does not explicitly teach accessing an updated version of the computing environment graph; using the attack path computation model and the updated version of the computing environment graph, identify a second plurality of attack paths for the computing environment; communicate the second plurality of attack paths for the computing environment. However, Neupane teaches accessing an updated version of the computing environment graph; using the attack path computation model and the updated version of the computing environment graph, identify a second plurality of attack paths for the computing environment; communicate the second plurality of attack paths for the computing environment (¶ 0022 - At stage C, the graph analyzer 110 analyzes the graph 108 to discover and rank attack paths. The graph analyzer 110 discovers attack paths in the graph 108 and ranks the discovered attack paths. To discover attack paths, the graph analyzer 110 can traverse the graph 108 from source nodes corresponding to identities and/or sink nodes corresponding to resources that can host assets. The graph analyzer 110 can analyze the graph 110 according to configured parameters. For example, a configuration file can be maintained that identifies resources that host sensitive and/or high-value assets. The graph analyzer 110 ranks the discovered attack paths based on the weights assigned to the nodes and edges of the discovered attack paths. The graph analyzer 110 can then provide the discovered information as an alert or notification, for example. As the graph 108 may be updated periodically and/or based on detected events (e.g., addition of a resource), the analysis can be triggered after each update. such as a defined JavaScript® Object Notation (JSON) object.
As another example, the graph analyzer 110 returns the extracted information in an in-memory data structure that the query interface 109 uses to generate a response for presentation (e.g., a notification, a visualization, etc.)). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Brown to include the teachings of Neupane. The motivation for doing so is to allow the system to parse policies and build a resource access graph that represents entities and analyze the graph to detect resource access paths that are potential attack paths (Neupane – ¶ 0017). Regarding claim 20, Brown does not explicitly teach accessing an updated version of the computing environment graph; using the attack path computation model and the updated version of the computing environment graph, identify a second plurality of attack paths for the computing environment; communicate the second plurality of attack paths for the computing environment. However, Neupane teaches accessing an updated version of the computing environment graph; using the attack path computation model and the updated version of the computing environment graph, identify a second plurality of attack paths for the computing environment; communicate the second plurality of attack paths for the computing environment (¶ 0022 - At stage C, the graph analyzer 110 analyzes the graph 108 to discover and rank attack paths. The graph analyzer 110 discovers attack paths in the graph 108 and ranks the discovered attack paths. To discover attack paths, the graph analyzer 110 can traverse the graph 108 from source nodes corresponding to identities and/or sink nodes corresponding to resources that can host assets. The graph analyzer 110 can analyze the graph 110 according to configured parameters. For example, a configuration file can be maintained that identifies resources that host sensitive and/or high-value assets.
The graph analyzer 110 ranks the discovered attack paths based on the weights assigned to the nodes and edges of the discovered attack paths. The graph analyzer 110 can then provide the discovered information as an alert or notification, for example. As the graph 108 may be updated periodically and/or based on detected events (e.g., addition of a resource), the analysis can be triggered after each update. such as a defined JavaScript® Object Notation (JSON) object. As another example, the graph analyzer 110 returns the extracted information in an in-memory data structure that the query interface 109 uses to generate a response for presentation (e.g., a notification, a visualization, etc.)). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Brown to include the teachings of Neupane. The motivation for doing so is to allow the system to parse policies and build a resource access graph that represents entities and analyze the graph to detect resource access paths that are potential attack paths (Neupane – ¶ 0017). Claims 11-15 are rejected under 35 U.S.C. 102 (a2) as being anticipated by Napper in view of Brown.
Regarding claim 11, Napper teaches one or more computer-storage media having computer-executable instructions embodied thereon that, when executed by a computing system having a processor and memory, cause the processor to perform operations, the operations comprising: communicating a request for security posture associated with a computing environment; based on the request, receiving a security posture visualization associated with the computing environment, wherein the security posture visualization is associated with one or more attack paths, the one or more attack paths are associated with an attack path discovery computation model that supports automatically discovering attack paths for computing environments associated with computing environment graphs; and causing display of the security posture visualization comprising the one or more attack paths for the computing environment (¶ 0016 - In some cases, in conjunction with determining the first attack path connecting the first vulnerable assets, the processor may obtain multiple user visualization commands from a user device and map the first attack path to the application layers and the first security parameters in the visual interface based at least in part upon the user visualization commands – ¶ 0070 - FIG. 4 shows a visualization interface comprising a representation of the attack path visualization, in accordance with one or more embodiments. Specifically, FIG. 4 illustrates an example embodiment of a security posture graph modified by one or more user visualization commands indicating a view selection, a time selection, a data type selection, a region selection, and a vulnerability selection. The visualization interface comprises an overview of any impacted assets and corresponding vulnerabilities, which are shown to comprise three attack vectors, twelve attack paths, six services, and four sensitive asset groups or categories.
The visualization interface may be generated based on a particular view, a particular time period, a data type, a region, a vulnerability, and the like – ¶ 0072 - FIG. 5 shows a visualization interface comprising a representation of the attack path visualization, in accordance with one or more embodiments. Specifically, FIG. 5 illustrates an example embodiment of a security posture diagram modified by one or more user visualization commands indicating a view selection, a time selection, a data type selection, a region selection, and a vulnerability selection. The visualization interface comprises an overview of any impacted assets and corresponding vulnerabilities, which are shown to comprise twelve attack vectors and thirty attack paths. The visualization interface may be generated based on a particular view, a particular time period, a data type, a region, a vulnerability, and the like. The visualization interface may comprise twelve attack techniques, three attack types 530, and three severity levels – See ¶ 0059, ¶ 0060). However, Napper does not explicitly teach wherein the attack path discovery computation model is associated with an attack path discovery template that supports discovering the one or more attack paths, the attack path discovery template comprising: an entry point element that defines a starting node where an attacker gains initial access, an advancement step element that defines a conditional operation that enables attacker movement between nodes based on an authenticated connection or a privilege escalation condition, and a target element that defines an endpoint node representing a critical computing asset identified by condition indicating sensitive or high-value data. Brown teaches wherein the attack path discovery computation model is associated with an attack path discovery template that supports discovering the one or more attack paths, the attack path discovery template (¶ 0041 – ¶ 0042 - disclosed herein are embodiments for a
comprehensive risk management system, referred to herein as GRAVITAS, for IoT/CPS that can identify undiscovered attack vectors and optimize the placement of defenses within the system for optimal performance and cost. While existing risk management systems consider only known attacks, embodiments of the disclosed model employ a graphical approach to extrapolate undiscovered exploits, enabling identification of attacks overlooked by manual penetration testing (pen-testing). The model is flexible enough to analyze practically any IoT/CPS and provide the system administrator with a concrete list of suggested defenses that can reduce system vulnerability at optimal cost. GRAVITAS can be employed by governments, companies, and system administrators to configure secure IoT/CPS at scale, providing a quantitative measure of security and efficiency in a world where IoT/CPS devices will soon be ubiquitous - With an IoT/CPS configuration and threat model as input, and a list of the most cost-effective defenses as output, GRAVITAS presents a security model that allows the system administrator to discover new attack vectors and proactively configure secure IoT/CPS both pre- and post-deployment – ¶ 0021 - FIG. 6 depicts a table of exploit goals in a master attack graph template according to an embodiment of the present invention – See Also ¶ 0089, ¶ 0091), comprising: an entry point element that defines a starting node where an attacker gains initial access (¶ 0070 - A: The nodes at which an adversary can access the system. These "entry nodes" are the starting points for any attack. They are also vulnerabilities (A ⊂ N)); an advancement step element that defines a conditional operation that enables attacker movement between nodes based on an authenticated connection or a privilege escalation condition (¶ 0063 - series of steps that begins at an "entry point" (a root node) and ends at a "goal" (a leaf node). The SHARKS attack graph, shown in FIG.
2 was created by deconstructing 41 known attacks on IoT/CPS into a series of steps represented by a vulnerability node chain (an exploit), and subsequently merging every node chain into a single directed acyclic graph (DAG). This graph makes no distinctions between network-level, hardware-level, or software-level nodes: what matters is the procedure that brings attackers to their desired destination – ¶ 0099 – ¶ 0101 - Permission Subgraphs: GRAVITAS allows the system administrator to specify permissions for every device. Unlike other attack graph models, the access permissions are each represented by a separate copy of a subgraph - Two different types of permissions are modeled: login permissions and execute command permissions. With a login permission, a user with the correct credentials can execute any (permitted) command on the system – See Also Claims 34-35, ¶ 0068); a target element that defines an endpoint node representing a critical computing asset identified by condition indicating sensitive or high-value data (¶ 0071 - The leaf nodes of the graph. These represent the completion of an attack (L ⊂ N). These "exploit goals" represent the end goal of an adversary's attack, such as "Disable device" or "DoS attack," as nonlimiting examples – ¶ 0072 - P: The set of nodes that constitute a complete attack vector. Each exploit begins at an entry node and concludes at an exploit goal node. More formally, an exploit P is any ordered set of nodes in the form {a, n_1, ..., n_k, l} where a ∈ A, n_i ∈ N, l ∈ L. The same entry node and exploit goal pair can be a part of multiple attack vectors – ¶ 0128 - In FIG. 23, it is observed that the end result of the exploit is a DoS attack on the cloud server for the Google Home device. Its origin is a malware downloaded onto a laptop, which in turn instructs the Samsung fridge to flood the Google Home server with bogus traffic, thus launching a DoS attack.
GRAVITAS recognizes the importance of these vulnerabilities due to their crucial role in several attack vectors that lead to attack outcomes with high impact scores – See Fig. 24). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Napper to include the teachings of Brown. The motivation for doing so is to allow the system to detect security vulnerabilities in at least one of cyber-physical systems (CPSs) and Internet of Things (IoT) devices and optimize placement of defenses to reduce an adversary score of the aggregate attacks (Brown - Abstract). Regarding claim 12, Napper does not explicitly teach wherein the attack path discovery computation model further accesses the attack path discovery template comprising the entry point element, the advancement step element, and the target elements associated with corresponding conditions that are evaluated to identify the one or more paths. However, Brown teaches wherein the attack path discovery computation model further accesses the attack path discovery template comprising the entry point element, the advancement step element, and the target elements associated with corresponding conditions that are evaluated to identify the one or more paths (¶ 0043 - The novelty of the proposed methodology lies in at least the following: [0044] (1) An automated IoT/CPS-specific exploit discovery tool that includes potential vulnerabilities and attack vectors that have yet to be discovered – ¶ 0021 – ¶ 0022 - FIG. 6 depicts a table of exploit goals in a master attack graph template according to an embodiment of the present invention – ¶ 0063 - SHARKS eschews a rigid classification and models an exploit chain (attack vector) as it appears to an adversary: a series of steps that begins at an "entry point" (a root node) and ends at a "goal" (a leaf node) – ¶ 0070 - The nodes at which an adversary can access the system.
These "entry nodes" are the starting points for any attack. They are also vulnerabilities (A ⊂ N) – ¶ 0071-0072 - The leaf nodes of the graph. These represent the completion of an attack (L ⊂ N). These "exploit goals" represent the end goal of an adversary's attack, such as "Disable device" or "DoS attack" – ¶ 0042 - These attack vectors are then assigned risk scores according to a probabilistic method that models the interaction between attack impacts and the graph's vulnerabilities – ¶ 0082 - GRAVITAS solves this issue by creating a unique attack DAG for every device in an IoT/CPS and adding additional pathways between devices based on network topology). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Napper to include the teachings of Brown. The motivation for doing so is to allow the system to detect security vulnerabilities in at least one of cyber-physical systems (CPSs) and Internet of Things (IoT) devices and optimize placement of defenses to reduce an adversary score of the aggregate attacks (Brown - Abstract).
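As an added illustration, not part of the Office Action, the application, or any reference cited in it: the attack path discovery template the claims recite (an entry point element, an advancement step element conditioned on an authenticated connection or a privilege escalation, and a target element marking a sensitive or high-value asset) can be applied by depth-first traversal of a computing-environment graph in the manner Brown's entry-node/exploit-goal model (¶ 0063, ¶ 0070-0072) and Neupane's graph analyzer (¶ 0022) describe, with the discovered paths ranked by node and edge weights and the analysis re-run on an updated version of the graph (claims 7 and 20). The sample environment, node and relation names, and weights below are constructed for the example; the "publicly exposed compute instance with attached privileged role" definition is Komarov's wording (¶ 0163), expressed here as one possible template.

```python
"""Attack-path discovery over a small computing-environment graph (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Node:
    name: str
    kind: str                 # "compute", "identity" or "storage" (assumed vocabulary)
    public: bool = False      # reachable from the internet
    privileged: bool = False  # identity carries a privileged role
    sensitive: bool = False   # hosts sensitive or high-value data
    weight: float = 1.0       # risk weight used when ranking paths


@dataclass(frozen=True)
class Edge:
    src: str
    dst: str
    relation: str             # "auth_connect", "assume_role" or "network" (assumed)
    weight: float = 1.0


@dataclass
class Graph:
    nodes: Dict[str, Node] = field(default_factory=dict)
    edges: List[Edge] = field(default_factory=list)

    def out_edges(self, name: str) -> List[Edge]:
        return [e for e in self.edges if e.src == name]


@dataclass
class Template:
    """Attack path discovery template: entry point, advancement step, target."""
    name: str
    entry: Callable[[Node], bool]
    advance: Callable[[Node, Edge, Node], bool]
    target: Callable[[Node], bool]


def exposed_compute_privileged_role_template() -> Template:
    """'Publicly exposed compute instance with attached privileged role' as a template."""
    return Template(
        name="publicly exposed compute instance with attached privileged role",
        # entry point: a starting node where the attacker gains initial access
        entry=lambda n: n.kind == "compute" and n.public,
        # advancement step: movement only over an authenticated connection or a
        # privilege escalation (assuming a role that is itself privileged)
        advance=lambda cur, e, nxt: e.relation == "auth_connect"
        or (e.relation == "assume_role" and nxt.privileged),
        # target: an endpoint node holding sensitive or high-value data
        target=lambda n: n.sensitive,
    )


def discover_paths(graph: Graph, template: Template, max_depth: int = 6) -> List[Tuple[List[str], float]]:
    """Depth-first traversal from every entry node, following only edges that satisfy
    the advancement condition and recording each simple path that reaches a target.
    Paths are ranked by the sum of node and edge weights, highest first."""
    found: List[Tuple[List[str], float]] = []

    def dfs(cur: str, path: List[str], visited: Set[str], score: float) -> None:
        node = graph.nodes[cur]
        if len(path) > 1 and template.target(node):
            found.append((list(path), score))
        if len(path) >= max_depth:
            return
        for e in graph.out_edges(cur):
            if e.dst in visited:              # simple paths only: no cycles
                continue
            nxt = graph.nodes[e.dst]
            if not template.advance(node, e, nxt):
                continue
            visited.add(e.dst)
            path.append(e.dst)
            dfs(e.dst, path, visited, score + e.weight + nxt.weight)
            path.pop()
            visited.discard(e.dst)

    for name, node in graph.nodes.items():
        if template.entry(node):
            dfs(name, [name], {name}, node.weight)
    found.sort(key=lambda p: -p[1])
    return found


def build_sample_graph() -> Graph:
    """Constructed sample environment (not taken from the application or references)."""
    g = Graph()
    for n in (Node("web-vm", "compute", public=True),
              Node("app-role", "identity", privileged=True, weight=3.0),
              Node("customer-db", "storage", sensitive=True, weight=5.0),
              Node("bastion", "compute", public=True),
              Node("internal-vm", "compute")):
        g.nodes[n.name] = n
    g.edges += [Edge("web-vm", "app-role", "assume_role", weight=2.0),
                Edge("app-role", "customer-db", "auth_connect"),
                Edge("bastion", "internal-vm", "network"),      # reachability only, not an advancement step
                Edge("internal-vm", "customer-db", "auth_connect")]
    return g


def apply_update(graph: Graph) -> Graph:
    """Updated version of the graph: a new authenticated connection from the bastion
    host is observed, so discovery is re-run and a second path appears."""
    updated = Graph(nodes=dict(graph.nodes), edges=list(graph.edges))
    updated.edges.append(Edge("bastion", "internal-vm", "auth_connect"))
    return updated


if __name__ == "__main__":
    template = exposed_compute_privileged_role_template()
    for label, g in (("initial", build_sample_graph()), ("updated", apply_update(build_sample_graph()))):
        print(f"[{label}] template: {template.name}")
        for path, score in discover_paths(g, template):
            print(f"  score={score:.1f}  " + " -> ".join(path))
```

On the initial graph only web-vm -> app-role -> customer-db is reported, because the bastion's plain network reachability does not satisfy the advancement condition; after the update the bastion -> internal-vm -> customer-db path is discovered as well and ranks below the first by weight. Swapping the three lambdas gives a different template without touching the traversal.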
Regarding claim 13, Napper does not explicitly teach wherein the attack path discovery model is operable on a plurality of computing environment based on traversing corresponding computing environment graphs that include set of nodes and set of edges representing computing components and features of corresponding computing environments However, Brown teaches wherein the attack path discovery model is operable on a plurality of computing environment based on traversing corresponding computing environment graphs that include set of nodes and set of edges representing computing components and features of corresponding computing environments (¶0041 - Internet-of-Things (IoT) and cyber-physical systems (CPSs) may include thousands of devices connected in a complex network topology - the disclosed model employ a graphical approach to extrapolate undiscovered exploits, enabling identification of attacks overlooked by manual penetration testing (pen-testing). The model is flexible enough to analyze practically any IoT/CPS and provide the system administrator with a concrete list of suggested defenses that can reduce system vulnerability at optimal cost – ¶ 0067 -¶0068 -The set of nodes in the graph. Each node represents a single vulnerability in the system, such as "sensor tampering" or "no SSL pinning," as nonlimiting examples. E: The set of edges in the graph. Edges represent exploits, or pathways between vulnerabilities. Unlike in other attack graph models, edges do not have an access control parameter; each edge instead represents a possible path between vulnerabilities. Different permissions are instead represented by different nodes – Abstract - generate an aggregate attack DAG from a classification of each device and a location of each device in network topology specified by a system administrator). 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Napper to include the teachings of Brown. The motivation for doing so is to allow the system to detect security vulnerabilities in at least one of cyber-physical systems (CPSs) and Internet of Things (IoT) devices and optimize placement of defenses to reduce an adversary score of the aggregate attacks (Brown - Abstract).

Regarding claim 14, Napper further teaches receiving the request for the security posture of the computing environment; generating the security posture visualization associated with the computing environment, wherein the security posture visualization comprises one or more attack paths; and communicating the security posture visualization comprising the one or more attack paths (¶ 0016 - In some cases, in conjunction with determining the first attack path connecting the first vulnerable assets, the processor may obtain multiple user visualization commands from a user device and map the first attack path to the application layers and the first security parameters in the visual interface based at least in part upon the user visualization commands – ¶ 0070 - FIG. 4 shows a visualization interface comprising a representation of the attack path visualization, in accordance with one or more embodiments. Specifically, FIG. 4 illustrates an example embodiment of a security posture graph modified by one or more user visualization commands indicating a view selection, a time selection, a data type selection, a region selection, and a vulnerability selection. The visualization interface comprises an overview of any impacted assets and corresponding vulnerabilities, which are shown to comprise three attack vectors, twelve attack paths, six services, and four sensitive asset groups or categories. In some embodiments, the visualization interface may be generated based on a particular view, a particular time period, a data type, a region, a vulnerability, and the like – ¶ 0072 - FIG. 5 shows a visualization interface comprising a representation of the attack path visualization, in accordance with one or more embodiments. Specifically, FIG. 5 illustrates an example embodiment of a security posture diagram modified by one or more user visualization commands indicating a view selection, a time selection, a data type selection, a region selection, and a vulnerability selection. The visualization interface comprises an overview of any impacted assets and corresponding vulnerabilities, which are shown to comprise twelve attack vectors and thirty attack paths. In some embodiments, the visualization interface may be generated based on a particular view, a particular time period, a data type, a region, a vulnerability, and the like. The visualization interface may comprise twelve attack techniques, three attack types, and three severity levels 540. – See ¶ 0059, ¶ 0060).

Regarding claim 15, Napper further teaches receiving an indication to execute a remediation action associated with an attack path associated with the security visualization; and executing the remediation action (¶ 0025 – In another example, another technical advantage of one embodiment may identify critical threats detected by the attack path analysis, prioritize these threats, and provide detailed guidance enabling remediation actions to mitigate, reduce, or eliminate the threats. These are particularly important to prevent, reduce, or eliminate coordinated cyberattacks – ¶ 0012 - The visual representation may map the vulnerable assets in an attack path comprising one or more indicators associating the vulnerable assets with one another and remediations for preventing attacks via the attack path. Further, the visual representation may provide multiple indicators that show a level of priority of a vulnerable asset in the attack path and remediation costs of each vulnerable asset. The system and the method may generate remediation techniques for the filtered assets.).

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOUNES NAJI whose telephone number is (571)272-2659. The examiner can normally be reached Monday - Friday 8:30 AM - 5:30 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Oscar A Louie can be reached on (571) 270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /YOUNES NAJI/Primary Examiner, Art Unit 2445

Prosecution Timeline

Nov 13, 2023
Application Filed
Jun 28, 2025
Non-Final Rejection — §102, §103
Oct 14, 2025
Applicant Interview (Telephonic)
Oct 19, 2025
Examiner Interview Summary
Oct 29, 2025
Response Filed
Feb 06, 2026
Final Rejection — §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12592955
System and method for network intrusion detection using a neural network implemented by a local computing system
2y 5m to grant Granted Mar 31, 2026
Patent 12585745
SYSTEM FOR AUTHENTICATING REMOTE DRIVER IN REAL TIME USING IMAGE AND ARTIFICIAL INTELLIGENCE
2y 5m to grant Granted Mar 24, 2026
Patent 12574351
AUTOMATING CONTROLLER IP ADDRESS CHANGE IN CLIENT-BASED AGENT ENVIRONMENTS
2y 5m to grant Granted Mar 10, 2026
Patent 12562901
External Key Manager Error Handling For Encrypted Platform-Hosted Data
2y 5m to grant Granted Feb 24, 2026
Patent 12556446
CLOUD NATIVE SOFTWARE-DEFINED NETWORK ARCHITECTURE FOR MULTIPLE CLUSTERS
2y 5m to grant Granted Feb 17, 2026
Based on 5 most recent grants.


Prosecution Projections

3-4
Expected OA Rounds
75%
Grant Probability
99%
With Interview (+72.8%)
3y 1m
Median Time to Grant
Moderate
PTA Risk
Based on 437 resolved cases by this examiner. Grant probability derived from career allow rate.
