---

How do you monitor application specific alerts. Did you perform the code level analysis or just the logs that application is generating.

---

The next generation of application monitoring tools are "Interactive Application Security Testing" (IAST). There are several vendors in this "emerging"space, but I won't make any endorsements here just search for them. Agents are deployed at run time and report back to a central console, from there you can filter alerts and prioritize software defects to fix. If you're running app's in containers then there are other tools out there as well to monitor their behavior in real time.

Hi,

I assume you would like to monitor your application for the alerts during the deployment phase. As part of security management activities pertinent to operations, continuous monitoring is critically important.

having said that, what do you want to monitor for the application?

Monitoring can be performed on any software or their processes. It is important to first determine the monitoring requirements before implementing a monitoring solution. 

for instance, In order to monitor and determine if a security incident has truly occurred or not it is first
important to define what constitutes an incident.

Vulnerability Management Program helps you to identifying, classifying, re-mediating and mitigating vulnerabilities, its a continuous monitoring system. it can be compliant with CVE and CWE databases.

Application (Software) logs that provide information about the activity and interactions between users/processes and the applications.

Database logs. These are difficult to collect and often require auditing configurations in the database so that database performance is not adversely impacted. They serve as an important source for security related information and need to be protected with great care, because databases can potentially house intellectual property and critical business data.