I'm not aware of any specific auditd Artifact but this artifact for example
Configures auditd to record process execution.
There is also this project
Which has some curated rules which are nice.
Velociraptor also has the auditd() plugin which makes it act as basically an audit daemon (it connects directly to the kernel to read the messages) so it doesn't need any syslog configuration or auditd actually installed or configured.
Some of the challenges with using audit logs on Linux is that the same information is normally spread across multiple log lines so it's not so easy to tie them together (there is an audit id that ties related lines but you have to keep state). We have the parse_auditd() plugin to help with reassembly of audit logs into something reasonable.
So it's recommended to use that rather than just syslog parser.
So to summarize, there is no complete solution right now but all the pieces are there for writing an artifact that does what you need
Thanks
Mike