Something like this is better left to a dedicated piece of software, like a DLP product. While it can be done using a method like what @PhillyPhoto mentioned, as was also stated, this could get very complex, very quickly. The methods of extracting attached USB drives in a script aren't very good. You have things like system_profiler SPStorageDataType or system_profiler SPUSBDataType or just things like diskutil, but none of those may give you what you're looking for. A LaunchAgent could use the StartOnMount key to only trigger when something gets mounted, (check this thread for info: https://community.jamf.com/t5/jamf-pro/launchd-startonmount-doesn-t-behave-as-expected/m-p/82262) but you would still need to create a complex script to extract out only attached removable storage, record all the relevant data and export it out to a file/plist. And getting it to only retain attached devices in the last 30 days might be difficult.
I understand why some organizations want Jamf Pro to be able to do everything to save on costs, but it's not a reasonable expectation. Jamf Pro is a device management tool, not a full blown DLP or security posture checking product. There are other things out there, including Jamf Protect that would better serve you on this, and can do a lot more than just that to bargain.
