I watched the Logs and Alerts episode with great interest.
I wanted to know if we can set up some monitoring to detect malware/spyware.
For example, I am getting an alert from my router's firewall. It is reporting "INDICATOR-COMPROMISE Suspicious .pw dns query" during certain times. Could I set up some data collectors to identify what process or service is pushing out these network requests?
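One way to tie a router-side DNS alert back to a host process is Sysmon's DNS query event (Event ID 22), which records the querying process's Image and ProcessId next to the QueryName. The script below is an added example, not part of the original post or the episode: it parses Sysmon events in the XML shape that `Get-WinEvent`'s `ToXml()` exports, keeps only Event ID 22, normalises each query name (case, trailing dot) and groups queries under a watched TLD such as `.pw` by the process that issued them. The events, process paths and domain names in `SAMPLE_EVENTS` are constructed for the example, not indicators from any real incident, and Sysmon must be installed with a configuration that enables DnsQuery logging for this event to exist at all.

```python
"""Correlate Sysmon DNS query events (Event ID 22) with the process that issued them.

Added example: sample input is constructed inline and is not real telemetry.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
SYSMON_DNS_QUERY = 22  # Sysmon Event ID 22 (DnsQuery); requires Sysmon 10+ with DnsQuery enabled
SYSMON_NET_CONNECT = 3  # Sysmon Event ID 3 (NetworkConnect); present here only to show filtering


def _constructed_event(event_id, data):
    """Build one event in the XML shape Get-WinEvent's ToXml() produces.
    Used only to fabricate sample input for this example."""
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{EVT_NS}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData>{body}</EventData></Event>')


# Constructed records: placeholder paths and example.* domains, not real IoCs.
SAMPLE_EVENTS = [
    _constructed_event(SYSMON_DNS_QUERY, {
        "UtcTime": "2024-01-01 02:13:04.001", "ProcessId": "4120",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "QueryName": "update-check.example.pw", "QueryStatus": "0"}),
    _constructed_event(SYSMON_DNS_QUERY, {
        "UtcTime": "2024-01-01 02:13:05.120", "ProcessId": "7788",
        "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "QueryName": "www.example.com.", "QueryStatus": "0"}),
    _constructed_event(SYSMON_NET_CONNECT, {
        "UtcTime": "2024-01-01 02:13:05.500", "ProcessId": "4120",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "DestinationIp": "192.0.2.10", "DestinationPort": "443"}),
    _constructed_event(SYSMON_DNS_QUERY, {
        "UtcTime": "2024-01-01 02:14:09.330", "ProcessId": "4120",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "QueryName": "CDN.EXAMPLE.PW.", "QueryStatus": "0"}),
    _constructed_event(SYSMON_DNS_QUERY, {
        "UtcTime": "2024-01-01 02:15:41.002", "ProcessId": "1344",
        "Image": r"C:\Windows\System32\svchost.exe",
        "QueryName": "telemetry.example.pw", "QueryStatus": "9003"}),
]


def parse_sysmon_event(xml_text):
    """Return {'EventID': int, <EventData Name>: value, ...} for one exported event."""
    ns = {"e": EVT_NS}
    root = ET.fromstring(xml_text)
    record = {"EventID": int(root.find("e:System/e:EventID", ns).text)}
    for data in root.findall("e:EventData/e:Data", ns):
        record[data.get("Name")] = data.text or ""
    return record


def tld_of(query_name):
    """Normalise a DNS name (case, whitespace, trailing dot) and return its last label."""
    return query_name.strip().rstrip(".").lower().split(".")[-1]


def dns_queries_by_process(xml_records, watch_tlds=("pw",)):
    """Map (Image, ProcessId) -> sorted unique query names under the watched TLDs.

    Non-DNS Sysmon events are skipped; query names are compared case-insensitively
    with any trailing dot removed, so 'CDN.EXAMPLE.PW.' and 'cdn.example.pw' match.
    """
    watched = {t.lower().lstrip(".") for t in watch_tlds}
    hits = defaultdict(set)
    for xml_text in xml_records:
        ev = parse_sysmon_event(xml_text)
        if ev["EventID"] != SYSMON_DNS_QUERY:
            continue
        name = ev.get("QueryName", "")
        if not name or tld_of(name) not in watched:
            continue
        key = (ev.get("Image", "<unknown>"), int(ev.get("ProcessId", "0")))
        hits[key].add(name.strip().rstrip(".").lower())
    return {k: sorted(v) for k, v in hits.items()}


if __name__ == "__main__":
    for (image, pid), names in dns_queries_by_process(SAMPLE_EVENTS).items():
        print(f"{image} (pid {pid}) queried: {', '.join(names)}")
```

On a real host the input would come from `Get-WinEvent -LogName "Microsoft-Windows-Sysmon/Operational" -FilterXPath "*[System[EventID=22]]"` with each event's `ToXml()` output fed to `dns_queries_by_process`; a failed lookup still produces an Event ID 22 record (the constructed `QueryStatus` 9003 entry models NXDOMAIN), which is useful because the router alert fires on the query, not on a successful answer.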