To Monitor Jamf Connects Privilege Escalation you just need to make a custom log filer for "subsystem == "com.jamf.connect.daemon" && category == "PrivilegeElevation"".
I don’t think you can directly hook in what was done only while admin access is granted by Jamf Connect as Connect is adding the user to the admin group then setting a daemon to remove the user at a predetermined time. In essence you are still making the user an unsupervised Admin, which is why I recommend against using this function of Jamf Connect and just getting an EPM tool.
You can monitor for sudo events simply enough with $event.type == 1 AND $event.process.tty != nil AND $event.process.signingInfo.appid == "com.apple.sudo". Though You would need to write analytics as you go along for the different things you want to monitor for.
I recommend browsing Jamf Protects GitHub, there are some pretty useful analitics in there. Also make sure what you are needing is not baked in to the CIS L1 and L2 reporting that Jamf Protect has built in.
https://github.com/jamf/jamfprotect
https://docs.jamf.com/jamf-protect/administrator-guide/Configuring_Unified_Log_Filters.html
https://learn.jamf.com/en-US/bundle/jamf-connect-documentation-current/page/Managing_Privilege_Eleva...
