A company requires a solution to continuously monitor its system for various threats, including DNS access peaks, abnormal instance traffic, abnormal network interface traffic, and unusual Amazon S3 API calls, in near-real time. Which solution is most appropriate for this task?
Explanation:
The correct answer is C. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. It directly uses AWS CloudTrail logs, VPC flow logs, and DNS logs to identify unusual or suspicious activities such as DNS access peaks, abnormal instance traffic, abnormal network interface traffic, and unusual Amazon S3 API calls. GuardDuty provides near-real-time findings and integrates seamlessly with AWS Security Hub, enabling continuous and comprehensive threat detection and response.