I am looking for some recommendations on how to review beacon detection. There is a lot of manual work being done to review each beacon detection. We seem to be finding it mostly as malware-advertisements from different web pages. I thought a way to speed this up is to have a process that pulls +/-1 minute worth of logs when beacon detection is alerted on a users. Does anyone know how to complete this or have recommendations on how to save time for this very manual process?