Alerting on NIDS Traffic
19 May 2026 at 08:06
We are evaluating switching to Sentinel from AlienVault, but are having a hard time justifying the drop in NIDS traffic from the hardware sensor. We are going to be ingesting logs from Zscaler, Meraki (Advanced Threat Protection licensed), and CrowdStrike EDR, but the ETPro signatures seem to still be a gap in visibility and alerting.
Has anyone made a similar jump and what did you do in Sentinel to cover the gaps?