It's a production database so there should be an email when the application connects and absolutely no user should ever, ever, ever be able to log in unless it's an admin doing an emergency backup and/or restore (likely alerts would be off during a restore.)
I cannot imagine a MS SQL Server based client-server application that does not make a billion DB calls all day long. So you will have to exclude that system user from being audited.
There's no user ever authorized to just connect.
The application user is always connecting. Repeatedly.