Telegraf - System Anomalies \ Malware

Anyone have any experience with using Influx / Telegraf / Grafana on their windows server environment to visualize / alert on system anomalies or Malware/Ransomware in their environments?

What I could imagine as a few points of interest for alerts are:
Continuous high CPU
High change rate of disk usage (while disk is being encrypted)