I did some tests, and cannot find a specific section related to Gmail Compliance Rules, which is an unfortunate choice by Google.
Checking under the "Security Investigation tool > Rule log events" - these seem to only be the Rules-module Drive/DLP items, and not Gmail Compliance Rules (which are not managed within the Rules section). I tried selecting 'Rule log events > Data source=Gmail', and no events are returned.
I also attempted "Security Investigation tool > Gmail log events" - no success. There is an 'Event' option, but no options cover Compliance Rule execution/trigger. You can select "Spam" and find if a custom rule flagged something spam, but this now appears to become a spam investigation.
It may be possible to use BigQuery; I have not attempted. You can feed Gmail logs into BigQuery, so it may be that accessing these "raw" logs provides more data to be examined (including Compliance Rule trigger) then what Google makes available within the Security Investigation Tool UI.
LinkedIn
Twitter
