Hello,

Security Ops rely on API to get e.g. syslog event. API call would let you get description of behavior indicators.  You should be able to pull the name, title, description and lots of other indicator data from it.

Go into your dashboard if you do not yet have an API key and you can establish one under Accounts > API Credentials.

Cisco AMP has gitub source to start with API.

https://github.com/CiscoSecurity/amp-01-basics

Or you can have a look at official documentation, as below:

https://api-docs.amp.cisco.com/

Regards

David