They aren't really intended for human consumption.
Each alert.id will result in a risk meta value being registered (risk.informational, risk.suspicious, or risk.warning), and that is their sole purpose.
So you can (and should) ignore them entirely. Instead, look at the risk meta that was generated.
So for the "Attack Kill Chain Report", I've got it from the community, there is a Rule "Data Exfiltration:Cloud Storage Domains". This rule trigges when "alert.id='nw12525'"
Nevertheless I can't find any information about that criteria.
nw12525 will register risk.informational "file storage sites"