This tag is mainly dedicated to questions related to Exchange Online. Since your question is related to Office 365, I would suggest you open a service request to confirm with the Office 365 team.
Here are my suggestions; they may be useful to you:
The "Mail:IsThreat" belongs to "Malware". If you want to use it, you need to have this add-on subscription below:
If you are not familiar with PowerShell, you can create this policy in the Security and Compliance Center, then use the command below to check it:
Get-ProtectionAlert -Identity "YourPolicy" | fl filter
As for whether this alert could filter on the message header, you can also confirm with the Office 365 team.