I recently had the opportunity to write an in-depth article for issue #22 of (IN)Secure magazine. The article discussed how the results and reports from your real-time network monitors can be used to make better decisions on how your vulnerability scanners are used.
In short, there should be a feedback loop between your scanners and your event monitors. Both processes can help refine each other and ensure you are performing the correct level of montioring. This is also a basic component of our Unified Security Monitoring strategy. Read the full article here.