Information Gathering -> Monitoring: Simple application metrics
Risk and Opportunity
Risk: Attacks on an application are not recognized.
Opportunity: Gathering of application metrics helps to identify incidents like brute force attacks, login/logout.
Usefullness: Very High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low
Implementation hints: Prometheus
OWASP SAMM 2 Mapping: o-incident-management|A|1
ISO27001:2017 Controls Mapping: