Incidents are marked as HIGH severity when policy uses an AND condition in the policy, changing expected severity from INFO, LOW, or MEDIUM
Steps to reproduce:
Note that the issue can prevent many Response Rules from being applied correctly.
DLP Cloud Service
Cause of the issue is that the compound condition causes the settings for severities to drop out from the incident summary, defaulting to the HIGH severity.
One instance of this issue occurred on prior versions of DLP, and was fixed by subsequent updates.
However, a related issue seems to have recurred - e.g., the severity of an incident which should be flagged as either LOW or INFO is instead increased to MEDIUM.
If you are impacted by this issue in the DLP Cloud Service, please contact Technical Support.