We need to monitor changes made to some probe configuration files, specifically the removal of active monitors. Can we query the audit tables to achieve this?
The following query shows whether profiles were removed from the logmon probe in the past five minutes. The probe name can be changed to query for other probes.
-- Configuration entries removed from the logmon probe in the past five minutes.
-- Change the ae.probe value to check a different probe.
SELECT ae.event_id, event_time, user_ip, robot, probe, USER_NAME, user_cmd,
       acc.operation, acc.section, acc.variable, acc.old_value, acc.new_value
FROM [CA_UIM].[dbo].[AUDIT_EVENT] ae
JOIN [CA_UIM].[dbo].[AUDIT_config_change] acc
  ON ae.event_id = acc.event_id
WHERE ae.probe = 'logmon'
  AND ae.user_cmd = 'probe_config_set'
  AND acc.operation = 'remove'
  AND event_time > DATEADD(minute, -5, GETDATE())
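For a scheduled check, the same audit data can be summarised per user and robot across several probes. This is an added example, not part of the original answer, and it goes beyond the single-probe case above. It uses only the tables and columns from the query above; the probe list, the @window_minutes variable and the output aliases are assumptions chosen for illustration.

```sql
-- Added example: one row per user/source/robot/probe that removed
-- configuration entries inside the lookback window.
-- Table and column names are taken from the query above.
DECLARE @window_minutes int = 5;   -- assumed lookback; match it to the schedule interval

SELECT [USER_NAME],
       user_ip,
       robot,
       probe,
       COUNT(*)        AS removed_entries,   -- number of removed config entries
       MIN(event_time) AS first_removal,
       MAX(event_time) AS last_removal
FROM [CA_UIM].[dbo].[AUDIT_EVENT] ae
JOIN [CA_UIM].[dbo].[AUDIT_config_change] acc
  ON ae.event_id = acc.event_id
WHERE ae.probe IN ('logmon', 'cdm')          -- example watch list; edit as needed
  AND ae.user_cmd = 'probe_config_set'
  AND acc.operation = 'remove'
  AND event_time > DATEADD(minute, -@window_minutes, GETDATE())
GROUP BY [USER_NAME], user_ip, robot, probe
ORDER BY last_removal DESC;
```

An empty result means no removals were audited in the window; any returned row identifies who removed entries, from which address, and on which robot and probe.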