File content inspection provides the ability to have visibility into the content of documents that are leaving the network. For example, this may be used when investigating insider threats for data exfiltration to a USB drive. 
Collections triggered by rules allow the agent to make a copy of a file and send it to a specified location. This allows the security teams to have the ability to manually analyze files as they triage alerts. 
Event log enhancements allow you to retrieve event logs based on the date range and log names, such as applications, security, systems, and Windows Powershell. 
Collection improvements for easier collection to Amazon Simple Cloud Storage (S3), improve job monitoring, retrieve folder size prior to collection, and collect to different regions.
Application improvements to allow you to review screenshots directly from an alert. We have also updated the Insights left navigation list.