Refer to the Cisco Security MARS Event Management partial screen shown above. Which two statements are correct? (Choose two)

A.
Event ID 1104001 is a low-severity event.

B.
Event ID 1104001 is triggered if ALL of the syslog messages under the Device Event ID column are received by the Cisco Security MARS within a predefined time frame.

C.
Event ID 1104001 belongs in an event group that includes generic informational events from firewalls.

D.
PIX and FWSM syslog messages (104001) are normalized into a single event (Event ID 1104001).

E.
Info/Misc/FW is a user-defined rule that normalizes events into a single event.