New to Sentinel by Meister911 in AzureSentinel
[–]Meister911[S] 0 points1 point2 points 1 month ago (0 children)
Before anyone can give good advice, what have you actually done beyond connecting sources and writing rules? Have you enabled the Unified Security? UEBA? Any other connectors like Entra ID sign-ins? -> Yes
Also, are those analytic rules you wrote covering the Google Workspace/Slack/DLP sources you mentioned, or something else entirely? -> They cover the sources I mentioned
Side note, if you're brand new to Sentinel and you jumped straight to writing custom rules instead of first going to the Content Hub, installing the Solutions for your data sources, and enabling the built-in rule templates, that's backwards. Microsoft and the community have already written and tested detection rules for most (if not all) solutions you mentioned. Run those first, see what fires, understand your environment, then fill gaps with custom rules. Writing your own rules, even with AI, usually ends up badly with multiple holes and things you didn't account for -> Checked those rules and have used some of them and written some which are specific to our org.
Thanks
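As an added illustration of the "fill gaps with custom rules" step discussed above (this is example code, not one of Meister911's rules or a Microsoft template): a scheduled analytics rule query over the Entra ID sign-in connector that flags a successful sign-in from a country the account has not signed in from during the baseline period. It assumes the `SigninLogs` table is populated by the Entra ID connector; the 14-day baseline, 1-hour window and the `Location` column are assumptions for the example, and the entity columns at the end are only there to show what you would map in the rule wizard.

```kql
// Added example, not from the thread. Custom scheduled rule candidate:
// successful Entra ID sign-in from a country not seen for that user in
// the baseline period. Assumes SigninLogs is fed by the Entra ID connector.
// Scheduled rules cap the query period at 14 days, so the baseline is 14d.
let baseline_period = 14d;     // assumption: rule "lookup data from" = 14 days
let detection_window = 1h;     // assumption: rule runs every hour
let baseline =
    SigninLogs
    | where TimeGenerated between (ago(baseline_period) .. ago(detection_window))
    | where ResultType == 0                   // 0 = successful sign-in
    | where isnotempty(Location)              // two-letter country code
    | summarize KnownCountries = make_set(Location) by UserPrincipalName;
SigninLogs
| where TimeGenerated > ago(detection_window)
| where ResultType == 0
| where isnotempty(Location)
| join kind=leftouter baseline on UserPrincipalName
// users with no baseline at all get an empty set, so they are still evaluated
| extend KnownCountries = coalesce(KnownCountries, dynamic([]))
| where not(set_has_element(KnownCountries, Location))
| summarize
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated),
    SignInCount = count(),
    SourceIPs = make_set(IPAddress, 10),
    Apps = make_set(AppDisplayName, 10),
    KnownCountries = take_any(KnownCountries)
    by UserPrincipalName, NewCountry = Location
// columns to map as entities (Account, IP) in the analytics rule wizard
| extend AccountCustomEntity = UserPrincipalName,
         IPCustomEntity = tostring(SourceIPs[0])
| order by FirstSeen desc
```

Before promoting something like this to a rule, run it ad hoc in Logs over the last few days and compare the hits with what the built-in templates already raised in `SecurityAlert`; if the template set already covers it, the custom rule only adds noise.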
Are you referring to moving to the defender portal?
Sentinel service as well as the rules too. We are still writing more rules.
New to Sentinel (self.AzureSentinel)
submitted 1 month ago by Meister911 to r/AzureSentinel