In our tenant we have one machine which has consistently reported malware/PUA (due to a fortunate false positive) which makes for a good test case. The endpoint API lists its overall and threats health status as 'suspicious' but there's no expanded health info for threats. The alerts API lists several failures to protect, which I also need to know about, but no malware/PUA.
Am I looking in the wrong place or is this just not yet reported?