I watched the Logs and Alerts episode with great interest.

I wanted to know if we can set up some monitoring to detect malware/spyware.

For example, I am getting an alert from my router's firewall. It is reporting "INDICATOR-COMPROMISE Suspicious .pw dns query" during certain times. Could I set up some data collectors to identify what process or service is pushing out these network requests?
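One way to approach the question above, added here as an illustration (not code from the thread, the episode, or any vendor): the router only sees the packet, so the process name has to come from host-side telemetry that records which process issued each DNS query, such as Sysmon Event ID 22 (DNSEvent) on Windows. The script below correlates the router's alert timestamps with those host records and flags any query for the alerted TLD within a short window. The alert line layout, the JSON shape of the exported Sysmon records, the hostnames, IPs and process paths are all constructed for this example; the Sysmon field names (UtcTime, ProcessId, Image, QueryName) match the event schema.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed router/IDS alert lines. The message text is the rule title from the
# post; the timestamp and "src -> dst" layout around it is an assumption.
ROUTER_ALERTS = [
    "2024-03-12T09:14:02Z INDICATOR-COMPROMISE Suspicious .pw dns query 192.168.1.23 -> 1.1.1.1",
    "2024-03-12T21:14:05Z INDICATOR-COMPROMISE Suspicious .pw dns query 192.168.1.23 -> 1.1.1.1",
]

# Constructed host telemetry from 192.168.1.23, shaped like Sysmon Event ID 22
# (DNSEvent) records exported to JSON. Field names follow Sysmon; values are made up.
SYSMON_DNS_EVENTS = [
    {"UtcTime": "2024-03-12 09:13:59.412", "ProcessId": 4120,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "www.example.com", "QueryResults": "93.184.216.34;"},
    {"UtcTime": "2024-03-12 09:14:01.087", "ProcessId": 7788,
     "Image": r"C:\Users\alice\AppData\Roaming\updater\svchost.exe",
     "QueryName": "cdn-sync-a1b2.pw", "QueryResults": ""},
    {"UtcTime": "2024-03-12 12:30:00.000", "ProcessId": 7788,
     "Image": r"C:\Users\alice\AppData\Roaming\updater\svchost.exe",
     "QueryName": "cdn-sync-a1b2.pw", "QueryResults": ""},
    {"UtcTime": "2024-03-12 21:14:04.551", "ProcessId": 7788,
     "Image": r"C:\Users\alice\AppData\Roaming\updater\svchost.exe",
     "QueryName": "cdn-sync-a1b2.pw", "QueryResults": ""},
]

# "<ISO-8601 time> <rule message> <src ip> -> <dst ip>" (assumed alert layout)
ALERT_RE = re.compile(
    r"^(\S+)\s+(INDICATOR-COMPROMISE\s.+?)\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3}) -> (\d{1,3}(?:\.\d{1,3}){3})$"
)


def parse_alert(line):
    """Split one router alert line into time, message, source and destination."""
    m = ALERT_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised alert line: {line!r}")
    ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
    return {"time": ts, "message": m.group(2), "src": m.group(3), "dst": m.group(4)}


def parse_sysmon_time(s):
    """Sysmon UtcTime is 'YYYY-MM-DD HH:MM:SS.mmm' in UTC without a zone marker."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=timezone.utc)


def has_tld(name, tld):
    """True if the last DNS label equals tld (case-insensitive, trailing dot ignored)."""
    labels = name.lower().rstrip(".").split(".")
    return len(labels) > 1 and labels[-1] == tld.lower().lstrip(".")


def correlate(alert_lines, events, tld="pw", window=timedelta(seconds=30)):
    """For each router alert, list host DNS events for the suspicious TLD that
    fall within +/- window of the alert, with the process that issued them."""
    hits = []
    for line in alert_lines:
        alert = parse_alert(line)
        for ev in events:
            t = parse_sysmon_time(ev["UtcTime"])
            if abs(t - alert["time"]) <= window and has_tld(ev["QueryName"], tld):
                hits.append({
                    "alert_time": alert["time"].isoformat(),
                    "query_time": t.isoformat(),
                    "query": ev["QueryName"],
                    "image": ev["Image"],
                    "pid": ev["ProcessId"],
                })
    return hits


def queries_by_image(events, tld="pw"):
    """Independent of the router: every process that ever queried the TLD, and what it asked for."""
    seen = {}
    for ev in events:
        if has_tld(ev["QueryName"], tld):
            seen.setdefault(ev["Image"], set()).add(ev["QueryName"])
    return {image: sorted(names) for image, names in seen.items()}


if __name__ == "__main__":
    for hit in correlate(ROUTER_ALERTS, SYSMON_DNS_EVENTS):
        print(f"{hit['alert_time']}  pid={hit['pid']}  {hit['image']}  -> {hit['query']}")
    for image, names in queries_by_image(SYSMON_DNS_EVENTS).items():
        print(f"{image}: {', '.join(names)}")
```

Two things the correlation makes visible that the router alert alone does not: the process path (a binary named like a system service but living under a user profile is worth a look) and the fact that the same process queried the domain at 12:30 without any router alert, so the host log, not the firewall, is the more complete record. Sysmon Event ID 22 has to be enabled in the Sysmon configuration before these records exist; on Linux the same role can be played by Sysmon for Linux or by auditd rules on socket syscalls, with field names that differ from the ones assumed here.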