I don't think that I have ever seen any colo-provider which did any meaningful monitoring of traffic on their datacenter-wide customer-facing ethernet networks. Usually they struggle to sort out operational issues caused by misconfigured customer hardware (e.g. duplicate IPs or non-converging STP due to incompatible configuration of a customer's switch), much less have the capability to detect or even prevent a targeted attack.