A security team wants to automate the response to compromised Amazon EC2 instances. If Amazon GuardDuty detects that an EC2 instance is communicating with a known command-and-control (C&C) server, the instance must be immediately isolated from the network, and a forensic snapshot of its EBS volume must be taken. What is the MOST automated way to achieve this?

Use AWS Config rules to detect the GuardDuty finding and trigger an AWS Systems Manager Automation document.

Create an Amazon EventBridge rule triggered by GuardDuty findings. Route the event to an AWS Step Functions state machine that isolates the instance via Security Groups and triggers an EBS snapshot.

Configure Amazon Macie to monitor network traffic and trigger a Lambda function to isolate the instance.

Write a cron job on a management instance to poll the GuardDuty API every 5 minutes and execute a bash script.