We've redesigned the Alert page to make the information in the header clearer and easier to understand, and changed the alert descriptions and recommended actions sections to be expandable, so the alert process tree is immediately available when landing on the Alert page.
Alert Process Tree Enhancements
Showing files from parsing command lines
We parse command lines of common processes to extract executed filenames, and show these in the alert process tree.
WMI Logical Parent support [Internal Preview]
We now show the logical parents of processes triggered by running WMI queries against the Win32_Process class, instead of WmiPrvSE.exe.
URLs of downloaded files [Internal Preview]
We now show download URLs of files downloaded by Edge or Chrome (Creators Update machines) to add important data to investigations.
Elevation Reparenting support
We've enhanced alert process trees that contain elevated processes to display the calling processes as parents in the process tree, instead of the reported svchost.exe, to provide an accurate logical picture to SecOps.
Windows Defender ATP & O365 integration - Open for business
We've all been waiting for this to arrive for a long time, and we can finally announce: it's here!
Information on how to enable WDATP and O365 ATP integration is publicly available here.