Resetting hardware state after nation state level attack

Agree with @unman here, import a replacement and move on.

Before you do that, hunt :bow_and_arrow: for your implant :face_in_clouds:, might be some $$$ :money_mouth_face: to help fund your replacement.

AFTER you find your implant and/or actual evidence of said alleged breach, then and only then can your paranoia be confirmed and a worthwhile forward direction be found. Anything else is merely “pissing in the wind”.

Re: paranoia

“Just because you’re not paranoid, this doesn’t mean they’re not watching you.”


“Pros”? If you mean corpo world, it changes every year, so ask Gartner :poop: :clown_face: :poop:. More than likely, these tools are outside of both your budget & wheelhouse.

Product != help you.

An OODA loop of: Planning → Process → Post-Incident Learning → Prevention, will.


To begin analyzing your traffic, installing OpenSnitch on the hosts you imagine to be compromised would be a good start for you, as it has a friendly GUI and will ask you to manually create an allow rule for any packets looking to leave your node.

“Globally” (traffic from all qubes), it would be worth taking a look at/tuning/using the Suricata-based sys-ips by @Sname.