A company requires you to detect failed login attempts in the operating system of a criti$-$

cal instance and to make that information available to security analysts to investigate and decide whether to ignore or isolate. Which of the following actions can be recommended?

$($Choose two.$)$

A$.$ Sending all the OS logs to a SIEM among the AWS Security Hub's partners and using

a SIEM rule to create a finding in AWS Security Hub, then using AWS Security Hub's custom actions to ease isolation

B$.$ Sending all the OS logs to AWS Security Hub and AWS Security Hub's actions to auto$-$

mate resolution

C$.$ Sending OS logs to Amazon CloudWatch logs through the agent, creating a metric filter

and an alarm, and triggering an AWS Lambda that creates the finding in AWS Security Hub, then using AWS Security Hub's custom actions to ease isolation

D$.$ Sending all the OS logs to a SIEM among the AWS Security Hub's partners and using

a SIEM rule to create a finding in AWS Security Hub, then using Amazon CloudWatch Events to trigger an AWS Lambda function to isolate