you can go to Microsoft 365 Defender and under Endpoints, Evaluation & tutorials and at Evaluation lab you can build your own test machines and experiment. These test machines raise alerts in your own environment and as such you can go to incidents and alerts to see what has been raised. On the other hand, if you would like to dive deeper, you can use KQL to investigate whatever you want at these test machines.
If I have answered your question, please mark your post as Solved
If you like my response, please consider giving it a like