First great work on including the Office ATP events in the office 365 7.15 connector I was almost done with my flex connector when that was release on 4/30. One thing enhancement we implemented (see map file below) was we crafted a URL that will will allow the analyst to pivot out of arc sight directly to the Office365 Security Compliance Alert in Microsoft's GUI as there are sub screens of information reflected in these tickets that the security compliance alerts aren't capturing fully. The map file below is a possible solution. The url takes the analysts directly to the alert in microsoft's gui preventing them from having to hunt for the correct ticket when they cut/paste it. Please note the other value in the map file correct the incorrect parsing for security compliance alerts. SD02696513 was submitted to support to confirm and correct that issue.
SecurityComplianceAlerts,Security Compliance Alerts,"__concatenate(""https://protection.office.com/viewalerts?id="",__split(fileId,"" "",""2""))"