I want to be able to trigger an Alert Policy in the event of an inbound message being detected as a Mail Threat. I have created an New-ProtectionAlert object with the following -filter parameter

-Filter "(Mail.IsThreat -eq 1) -and (Mail.Direction -eq 'Inbound')"

The inbound message will be passed to a custom connector I have written, which will perform some policy checks and then return the message to Office365. If the policy is violated, I would like to add a property? message header? something else? that will set the Mail.IsThreat property to 1 and hence trigger the alert.

I'm struggling to see how/where the Mail.IsThreat is defined or if it can be defined outside of the standard M365 Threat Protection features