Incidents are marked as HIGH severity when policy uses an AND condition in the policy, changing expected severity from INFO, LOW, or MEDIUM
Steps to reproduce:
Note that the issue can prevent many Response Rules from being applied correctly.
Cause of the issue is that the compound condition causes the settings for severities to drop out from the incident summary, defaulting to the HIGH severity.
DLP Cloud Service
Upgrade to 15.1 MP1 or higher.