Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager

Re: Using a Threat Intelligence Feed with LEM?

The blog that was referenced earlier is the best source of information on the topic. A short version of that is, we have a list of regularly updating known bad IP addresses. This list is intentionally focused on known bad addresses to minimize the noise created with most threat feed services. If an incoming event includes an IP that is on the list, the event is flagged as IsThreat = True. You can use that field to find events that are communicating with malicious hosts. The simplest way to see these events is to go to Monitor, then expand Security and click "All Threat Events". See screenshot below.

[Screenshot: ThreatEvents.JPG]

Any events flagged as threats will appear in this streaming list. Hopefully you don't have any! If you don't see anything after watching it for a few minutes, click the Gear icon in the upper right corner of my screenshot and select "Send to n-depth". From there you can change the timeframe to look for historical events that may have been flagged as threats.


I hope that helps!
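To illustrate the kind of enrichment the reply describes (an event is marked IsThreat = True when one of its addresses is on a known-bad list), here is an added stand-alone example; it is not SEM/LEM code, and the threat list, event format and field names are constructed for the illustration.

```python
import ipaddress

# Constructed sample of a "known bad" list: single addresses plus CIDR ranges.
# Illustrative data only, not the product's actual feed.
KNOWN_BAD = [
    "203.0.113.45",
    "198.51.100.0/24",
]

# Constructed sample events in a simplified key=value form (not the product's native format).
SAMPLE_EVENTS = [
    "ts=2024-05-01T10:00:00Z src=10.0.0.5 dst=203.0.113.45 action=allow",
    "ts=2024-05-01T10:00:05Z src=198.51.100.17 dst=10.0.0.8 action=allow",
    "ts=2024-05-01T10:00:09Z src=10.0.0.5 dst=192.0.2.10 action=allow",
    "ts=2024-05-01T10:00:12Z src=10.0.0.9 dst=notanip action=deny",
]

def load_threat_list(entries):
    """Parse addresses and CIDR ranges into network objects; skip malformed entries."""
    nets = []
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry.strip(), strict=False))
        except ValueError:
            continue  # a bad feed line must not break the whole list
    return nets

def parse_event(line):
    """Split a key=value event line into a dict."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields

def is_listed(ip_text, nets):
    """True if ip_text is a valid IP that falls inside any listed address or range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # non-IP field values are simply not matched
    return any(ip in net for net in nets)

def enrich(events, nets):
    """Add an IsThreat flag to each event based on its src or dst address."""
    out = []
    for line in events:
        ev = parse_event(line)
        ev["IsThreat"] = is_listed(ev.get("src", ""), nets) or is_listed(ev.get("dst", ""), nets)
        out.append(ev)
    return out

def threat_events(events, nets):
    """The equivalent of filtering on IsThreat = True."""
    return [ev for ev in enrich(events, nets) if ev["IsThreat"]]
```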

