Refer to the Cisco Security MARS Event Management partial screen shown above. Which two statements are correct? (Choose two)
A.
Event ID 1104001 is a low-severity event.
B.
Event ID 1104001 is triggered if ALL of the syslog messages under the Device Event ID column are received by the Cisco Security MARS within a predefined time frame.
C.
Event ID 1104001 belongs in an event group that includes generic informational events from firewalls.
D.
PIX and FWSM syslog messages (104001) are normalized into a single event (Event ID 1104001).
E.
Info/Misc/FW is a user-defined rule that normalizes events into a single event.