Upon reviewing the SIEM trends, an analyst observes a pattern of increased login failures on the organization's web portal every night at 3 AM. There is no known maintenance or legitimate activity scheduled at this time. Which of the following would be the most appropriate immediate action for the analyst to undertake?
Review the relevant log files for IP addresses, user accounts involved, and potential payload in the requests
Inform the legal department of a potential breach due to the regular login failures
Implement a CAPTCHA mechanism on the login page to deter automated login attempts
Immediately update the IDS/IPS signatures to block the IP addresses associated with the login failures