As I mentioned, defining a baseline is crucial to filter out irrelevant security and non-security events. There are lots of tools that can help.
AIDE
Linux, macOS https://aide.github.io/.
brew install aide # macOS
apt install aide aide-init # Linux
You can run it against a clean system, thus populating its DB with the files you want to keep the same.