The severity levels are determined by the categorization of the event - i.e. the "Event Name" and where it's located in the LEM event taxonomy. Most "Audit" alerts are lower severities while most "Security" alerts are higher severities, for example. If it would help, I can give you a list of what each LEM event's severity is.
↧