Update docs/release-notes/8.18.asciidoc

Co-authored-by: Gabriel Landau <[email protected]>

Author: natasha-moore-elastic

docs/release-notes/8.18.asciidoc

@@ -9,7 +9,12 @@
 [[enhancements-8.18.5]]
 ==== Enhancements
 * Adds the `detection_rule_upgrade_status` object to snapshot telemetry schema ({kibana-pull}223086[#223086]).
-* To help identify which parts of `elastic-endpoint.exe` are using a significant amount of CPU, {elastic-defend} on Windows can now include CPU profiling data in diagnostics. To request CPU profiling data using the command line, refer to {fleet-guide}/elastic-agent-cmd-options.html#_options[{agent} command reference]. To request CPU profiling data using {kib}, check the **Collect additional CPU metrics** box when requesting {agent} diagnostics.
+* Reduces {elastic-defend} CPU when processing events from the System process on Windows.
+* Reduces {elastic-defend} CPU usage for ETW events, API events, and Behavioral Protections. In some cases, this may be a significant reduction.
+* Allows the {elastic-defend} to automatically recover in some situations when it loses connectivity with Agent.
+* Shortens the time it takes {elastic-defend} to recover from a DEGRADED status caused by communication issues with {elastic-agent}.
+* Makes {elastic-defend} malware scan queue operate more efficiently on Windows by not blocking scan requests when an oplock for the file being scanned cannot be acquired.
+* Due to an issue in macOS, {elastic-defend} would sometimes send network events without `user.name` populated. {elastic-defend} will now identify these events and populate `user.name` if necessary
 
 [discrete]
 [[bug-fixes-8.18.5]]