Hello Bob,
I started down that path a while back but the customer wasn't committed to reviewing the incidents and lost interest. What i did was create a policy with a rule to detect file types then created a target which used that policy and I utilized the File Size Filters and the File Date Filters. That should get you started.