What alert indicated malware activities in the network?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

What alert indicated malware activities in the network?

Explanation:
Monitoring network traffic for signs of malicious activity is what an intrusion detection system is built to do, so an alert from the IDS is the best indicator of malware activities in the network. An IDS watches traffic patterns, signatures, and behaviors across the network and raises alerts when it detects known malware patterns, suspicious C2 communications, or unusual traffic spikes. This provides direct visibility into malware activity at the network level.

Firewalls focus on permitting or blocking traffic based on rules and may log suspicious connections, but they aren’t primarily designed to detect and alert on malware behavior across the network. Antivirus runs on individual hosts to detect malware on that device, which can help if malware is active on a host, but it doesn’t provide a centralized network-wide alert about malware activities. VPN gateway alerts pertain to VPN health and access issues rather than malware presence within the network.

So the alert from the IDS best signals network-wide malware activity.
