Poor reporting capability

I'm finding the flexibility of exchange online protection and reporting in general to be terrible.

I'm trying to get a report of cases where people have clicked a link that was later determined to be malicious.  Including links, we have manually determined to be malicious and later zapped those emails.

I have kind of done this in threat hunting however I need to run a query that starts older than the 30 days in threat hunting.  Of course I don't have these going into sentinel or anything, so the data is gone.

Someone suggested reports but I can see how or if there even is a way to report clicks on malicious links (based on them being later determined to be malicious and zapped).  Any suggestions?