Nickolas,
For what to log, we do have some recommendations for best practices here:
Audit Policies and Best Practices for LEM - SolarWinds Worldwide, LLC. Help and Support
I think you may be able to get more of what you want with a rule like "Auth Audit Alerts.Destination Machine = (SOME LIST OF SENSITIVE MACHINES)".
That includes all successes and failures, and would also be looking at any AD logs from the domain controllers (assuming agents are deployed) against those machines. The list could be a user-defined group or a connector profile.
Auth Audit Alerts is an Event Group.