The incidents for my policy have a Severity of High. The policy was set to create a Medium severity for the given number of matches. Why are the severities set incorrectly?
Any supported release
The severity of the policy may be lost. If the policy is saved, and there is no associated severity, the system assumes the severity is high. This issue is rare.
If the severity is lost, the best way to work around is to re-save the policy with the correct severity. The issue should not recur.
Some other articles with similar issue:
Severity of an incident set by number of matches by policy not by rule (broadcom.com)
Group Rule applied in a DLP policy is not setting the severity as expected (broadcom.com)
Severity not set correctly for Cloud Email Service incidents (broadcom.com)
Incidents no longer generate after Endpoint Servers are upgraded to DLP 15.8 (broadcom.com)