I'm not sure what kind of "suspicious" you mean. But here's a few points:
- IDS/IPS and AMP events would be found in the Security & SD-WAN > Security Center
- Rogue DHCP servers would be found in the Network-Wide > Event Log
- Sticky MAC breaches would also be listed in the Network-Wide > Event Log
- You can also set alerts to warn you if specific MAC-addresses connect to the network. You can do that in the Network-Wide > Alerts page.
Does any of these answer your question?