IDS and IDP are still relevant tools for a ziti system. I'd be interested if you feel like sharing your configs in a new post about using ziti with a popular open-source IDS like Snort or Suricata.
For example, ziti has a configurable rate limit for TLS negotiations. You could program the IDS to alarm when the limit is breached.
```yaml
tls:
  handshakeTimeout: 15s
  rateLimiter:
    # if disabled, no tls handshake rate limiting will be enforced
    enabled: true
    # the smallest window size for tls handshakes
    minSize: 5
    # the largest allowed window size for tls handshakes
    maxSize: 5000
    # after how long to consider a handshake abandoned if neither success nor failure was reported
    timeout: 30s
```
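Added example, not part of the original post and not ziti or Suricata project code: one way to raise the alarm suggested above is to count TLS handshakes in Suricata's EVE JSON output and flag bursts aimed at the controller's listener. The port (1280), the addresses, the limit and the window length are assumptions chosen for the constructed sample; the threshold is an operator-chosen value and does not reproduce ziti's internal window logic.

```python
import json
from collections import deque
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # Suricata EVE timestamp layout


def detect_handshake_bursts(eve_lines, dest_port, limit, window_s):
    """Return one alert per burst in which TLS handshakes to dest_port
    exceed `limit` inside a sliding window of `window_s` seconds."""
    window = timedelta(seconds=window_s)
    recent = deque()   # timestamps of handshakes still inside the window
    armed = True       # re-arms once the count falls back to the limit
    alerts = []
    for line in eve_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue   # skip truncated or partial log lines
        if ev.get("event_type") != "tls" or ev.get("dest_port") != dest_port:
            continue
        ts = datetime.strptime(ev["timestamp"], TS_FORMAT)
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()
        if len(recent) > limit and armed:
            alerts.append({"time": ev["timestamp"], "count": len(recent),
                           "last_src": ev.get("src_ip")})
            armed = False
        elif len(recent) <= limit:
            armed = True
    return alerts


def sample_events():
    """Constructed EVE records: three spaced handshakes, then a burst of eight."""
    base = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    offsets = [0, 10, 20] + [60 + i * 0.1 for i in range(8)]
    lines = [json.dumps({"timestamp": (base + timedelta(seconds=o)).strftime(TS_FORMAT),
                         "event_type": "tls", "src_ip": "192.0.2.10",
                         "dest_ip": "198.51.100.5", "dest_port": 1280})
             for o in offsets]
    return lines + ['{"event_type": "flow"}', "not json"]


if __name__ == "__main__":
    for alert in detect_handshake_bursts(sample_events(), 1280, limit=5, window_s=5):
        print(alert)
```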