Currently Sentinel does not have any method to monitor EPS levels properly. It would good to have some way to monitor EPS levels and have an alert if e.g. system currently uses >90% of EPS licensing (this could be e.g. a manually entered value).
I know that using Data Synchronization we can achieve some of these, but alerts are currently not possible.
I agree with the previous speaker and have the same kind experience of EPS runaway event. The matter we hope and should need is controlling better EPS situation awareness by EPS-alerts. In addition to monitoring data by syncronizing.
Could the development of this feature somehow be accelerated? We had a runaway event source that generated a lot of EPS (as much as the system can handle) and we noticed it after it had been doing it a couple of days. With that monitoring we would had noticed it instantly.
Have you considered creating an anomaly rule within a Security Intelligence Dashboard (such as a Threshold rule) to alert when the threshold you're interested in has been reached?