Set Security Incident Severity from the ServiceNow Alert Severity

kyles
Kilo Contributor

I am utilizing an Alert Management Rule (copied the OOB 'create a security incident for critical alerts' and adjusted the Alert filter) to create Security Incidents. We use the Severity from the Security Incident to trigger our SLA definitions. How do I copy the Severity setting from the Alert (em_alert) table so it reflects in the Security Incident? It always seems to go to the Default Severity of 2-Medium. The subflows applied to the Alert Management rule are 'Acknowledge Alert' and 'Create Task (legacy)'.


Ashutosh Munot1
Kilo Patron

Hi, there are a few rules in SIR where the severity is calculated based on other metrics of the Incident, like risk: https://docs.servicenow.com/bundle/orlando-security-management/page/product/security-incident-response/reference/setup-assistant-reference.html#c_SeverityCalculators

Meaning it is calculated based on business impact, CI (if any), risk scores, etc. A business rule on SIR triggers this calculation.

Thank you,
Ashutosh

Luke Kasper
ServiceNow Employee

Ashutosh mentioned it, but you likely have to play with your Severity Calculators.  Go to Security Incident > Setup > Security Incident Calculator Groups.  You'll probably want to add a calculation in there for when an SIR is generated from an Alert to adjust the calculation.

Don't forget, however, that these calculators provide another step for you to further fine-tune your severity calculations and take into account more than just the information provided within the Alert for this calculation.

Best of luck!

kyles
Kilo Contributor

I did look at the Severity Calculators before. Would I then create a new calculator with a lower Order to set the Severity manually, or can I use the Alert Severity as the input and just make it the same? I see that the existing Severity Group calculators are using other variables to set it accordingly. We are planning on several inputs coming in with the Severities already set, so the less I have to manually create, the better.

Balaji Jagannat
Kilo Guru

Hi Kyles -

1. Your severity calculation would apply only if you have at least one 'Active' calculator under the 'Severity' calculator group and your security incident matches the calculator's filter condition.

2. The severity calculator is triggered from the Security Incident business rule 'calculate severity' (you have the option to skip calling this calculator if the incident is being created by an Alert Management rule).

3. When you say that you are using the OOB 'create Security Incident from alert', is that happening through Security Operations --> Utilities --> Field Mapping? If so, you can add an additional field map to set the severity of the Security Incident from the Alert's severity.
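One way to express the severity mapping Balaji describes in point 3, together with the "skip the calculator when the incident came from an alert" behaviour from point 2, as an added example that is not part of this thread and not ServiceNow's own code. It is plain JavaScript so it runs outside the platform: the objects stand in for GlideRecords, and the em_alert and sn_si_incident severity scales and the mapping table are assumptions to adjust to your own SLA definitions.

```javascript
// Added example (not from the thread, not ServiceNow code): derive a Security
// Incident severity from the originating em_alert severity, falling back to the
// Severity calculator result, and finally to the platform default the OP sees.
//
// Assumed value scales (check against your instance's choice lists):
//   em_alert.severity:        0 Clear, 1 Critical, 2 Major, 3 Minor, 4 Warning, 5 Info
//   sn_si_incident.severity:  1 High, 2 Medium, 3 Low

const DEFAULT_SIR_SEVERITY = 2; // 2-Medium, the default reported in the question

// Assumed mapping from alert severity to security incident severity.
const ALERT_TO_SIR_SEVERITY = {
  1: 1, // Critical -> High
  2: 1, // Major    -> High
  3: 2, // Minor    -> Medium
  4: 3, // Warning  -> Low
  5: 3, // Info     -> Low
  // 0 (Clear) deliberately unmapped: falls back to the default below
};

// GlideRecord field values arrive as strings, so coerce before lookup.
function mapAlertSeverity(alertSeverity) {
  const n = Number(alertSeverity);
  if (!Number.isInteger(n)) return DEFAULT_SIR_SEVERITY;
  return ALERT_TO_SIR_SEVERITY[n] !== undefined ? ALERT_TO_SIR_SEVERITY[n] : DEFAULT_SIR_SEVERITY;
}

// Resolve the final severity for an incident.
//   incident           plain object standing in for the sn_si_incident record;
//                      `alert` holds the sys_id of the source alert (empty if none)
//   alert              plain object standing in for the em_alert record, or null
//   calculatedSeverity result of the Severity calculator group, or null when no
//                      active calculator matched the incident
// Order of precedence: alert severity (incident created from an alert) >
// calculator result > platform default.
function resolveSeverity(incident, alert, calculatedSeverity) {
  const fromAlert = Boolean(incident.alert) && alert !== null && alert !== undefined &&
    String(incident.alert) === String(alert.sys_id);
  if (fromAlert) {
    return { severity: mapAlertSeverity(alert.severity), source: 'alert' };
  }
  if (calculatedSeverity !== null && calculatedSeverity !== undefined) {
    return { severity: Number(calculatedSeverity), source: 'calculator' };
  }
  return { severity: DEFAULT_SIR_SEVERITY, source: 'default' };
}

// Constructed sample records (not real instance data).
const sampleAlert = { sys_id: 'alert0001', severity: '1', description: 'constructed critical alert' };
const sampleIncidentFromAlert = { sys_id: 'sir0001', alert: 'alert0001' };
const sampleManualIncident = { sys_id: 'sir0002', alert: '' };

console.log(resolveSeverity(sampleIncidentFromAlert, sampleAlert, 3)); // { severity: 1, source: 'alert' }
console.log(resolveSeverity(sampleManualIncident, sampleAlert, 3));    // { severity: 3, source: 'calculator' }
console.log(resolveSeverity(sampleManualIncident, null, null));         // { severity: 2, source: 'default' }
```

Inside the platform the same precedence would live either in the Field Mapping entry (alert severity to incident severity) or as the first, lowest-Order calculator in the Severity group; the point of the table is that each alert source gets an explicit mapping rather than silently landing on 2-Medium.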