You are looking for data related to emails held in Cynic for less than the configured time in portal.

Email Security.cloud

The Cynic hold time is intended to be used as a threshold for analysis carried out by Cynic. Emails which were declared safe within the hold time should not be used as a metric to change the hold time.

If you receive emails (Cynic applicable) which are suspected to be malicious after processed by Cynic, this can be an indication to increase the hold time and observe for similar emails flagged by Cynic.