We use three different monitoring solutions outside of SQL Server: one that monitors activity against the database instance, one that gathers event logs, and one that monitors changes to critical system files and directory locations.

The central problem with crafting a SQL Server-based monitoring is just that: it's SQLServer-based and exposed to whichever admin account has sway over it. I can't touch any of the three solutions we use, and Audit is more than happy with that.