There is provided a method for auto-generation of decision rules for attack detection feedback systems. The method is executed on a server. The method comprises: receiving at least one event from an event database, the event database having been generated from data obtained by at least one sensor; analyzing the at least one event to determine whether the at least one event belongs to a class of malware control center interactions; if the at least one event belongs to the class of malware control center interactions, extracting at least one attribute from the at least one event; generating decision rules using the at least one attribute; and saving the decision rules; saving the decision rules, the decision rules being instrumental in updating what type of further data is obtained by the at least one sensor based on the decision rule.