We use built-in SQL Audit to check for login attempts and unauthorized changes to the system.