So I assume you want to monitor if one particular node is changing its local information, i.e. lying about history in its responses to MultiChain API requests that come to that particular node, based on a changes in that local node's storage of blocks. (The network and blockchain design as a whole will prevent a malicious node from overwriting the history on other nodes.)
If you want to monitor for this (slightly unusual) scenario, you.can retrieve the full raw data for any block of concern, using the getblock API with verbose=0 and then calculate any hash function of that raw data. Do the same on other nodes, and check that the hash values match.
In terms of revoking malicious content, you have two choices: (a) do this at the application level, i.e. post a subsequent stream item which labels the previous one as malicious and instructs other nodes of the application to ignore it, or (b) use MultiChain Enterprise together with offchain data, with the purgepublisheditems and purgestreamitems commands run on all nodes to remove their local copies of the data.
Remember that you also have stream filters which can be uses to validate data before it is published to a stream.