Thank you Steve for creating this forum.
I have just started evaluating commercial SQL Server auditing tools, given that GDPR is taking effect in May 2018. Two of the products under evaluation offer instantaneous detection of suspicious activities. Being a DIY-inclined DBA, I very intrigued by how this could be done in real time. All ideas and suggestions are welcome. Thanks.