If you have Azure AD Premium (P1 or P2 edition) or Enterprise Mobility + Security (EMS) more details are available. Just to confirm Microsoft's advice, in case you haven't seen it for this event -

"This risk event type identifies sign-ins from devices infected with malware, that are known to actively communicate with a bot server. This is determined by correlating IP addresses of the user’s device against IP addresses that were in contact with a bot server."

"This risk event identifies IP addresses, not user devices. If several devices are behind a single IP address, and only some are controlled by a bot network, sign-ins from other devices my trigger this event unnecessarily, which is the reason for classifying this risk event as Low.

We recommend that you contact the user and scan all the user's devices. It is also possible that a user's personal device is infected, or as mentioned earlier, that someone else was using an infected device from the same IP address as the user. Infected devices are often infected by malware that have not yet been identified by anti-virus software, and may also indicate as bad user habits that may have caused the device to become infected."

Getting back to finding more details,  Azure AD Premium customers can get full access to Sign-in activity reports with information about the usage of managed applications and user sign-in activities.  Also, with the Users flagged for risk security/Risky sign-ins reports these customers (P1) get to examine some of the underlying risk events that have been detected for each report, with P2 customers getting the most detailed information about all underlying risk events and enables you to configure security policies that automatically respond to configured risk levels.

Anyway, that was my long way of saying that unless you have Azure AD Premium further details for some events may not be available.