diff --git a/Netskope/netskope_events/ingest/parser.yml b/Netskope/netskope_events/ingest/parser.yml
index 87cfc8c4f..8a2e44ea8 100644
--- a/Netskope/netskope_events/ingest/parser.yml
+++ b/Netskope/netskope_events/ingest/parser.yml
@@ -150,17 +150,23 @@ stages: netskope.events.severity.level: "{{parsed_event.message.severity_level}}" filter: "{{ parsed_event.message.severity_level|int(-1) == -1 }}" + - set: + netskope.events.severity.level: "{{parsed_event.message.severity}}" + filter: "{{ parsed_event.message.severity|int(-1) == -1 }}" + - set: netskope.events.severity.id: "{{parsed_event.message.severity_level}}" filter: "{{ parsed_event.message.severity_level|int(-1) >= 0 }}" - translate: dictionary: - 3: "high" - 1: "med" + 1: "High" + 2: "Medium" + 3: "Low" mapping: parsed_event.message.severity_level: netskope.events.severity.level - filter: "{{ parsed_event.message.severity_level|int(-1) >= 0 }}" + fallback: "Info" + filter: '{{ parsed_event.message.severity_level|int(-1) >= 0 and parsed_event.message.type == "admin_audit_logs"}}' - set: netskope.dlp.action: "{{parsed_event.message.dlp_match_info[0].dlp_action}}"
diff --git a/Netskope/netskope_events/tests/test_audit_log_deleted_inline_policy.json b/Netskope/netskope_events/tests/test_audit_log_deleted_inline_policy.json
index cb0f1b9fd..54d769a10 100644
--- a/Netskope/netskope_events/tests/test_audit_log_deleted_inline_policy.json
+++ b/Netskope/netskope_events/tests/test_audit_log_deleted_inline_policy.json
@@ -29,7 +29,8 @@
 },
 "ccl": "unknown",
 "severity": {
- "id": 2
+ "id": 2,
+ "level": "Medium"
 }
 }
 },
diff --git a/Netskope/netskope_events/tests/test_audit_log_edit_admin_record.json b/Netskope/netskope_events/tests/test_audit_log_edit_admin_record.json
index 495ab23ba..a2e7d9769 100644
--- a/Netskope/netskope_events/tests/test_audit_log_edit_admin_record.json
+++ b/Netskope/netskope_events/tests/test_audit_log_edit_admin_record.json
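Review bot: The added `set` stage in parser.yml copies `parsed_event.message.severity` into `netskope.events.severity.level` verbatim, while the `translate` stage below it writes title-cased values, so the same field ends up with mixed casing: the fixtures in this commit expect `"high"` in test_malware_alert.json and `"High"` in the audit-log tests. Detection rules or searches that compare this field case-sensitively will miss one of the two spellings. Normalise at the source, for instance `netskope.events.severity.level: "{{parsed_event.message.severity | capitalize}}"` if the parser's templating supports that filter, or lower-case the dictionary entries instead. No fixture here reaches `fallback: "Info"`, so a test with an out-of-range numeric `severity_level` on an `admin_audit_logs` event would pin that path. The `stages` list continues outside the hunk.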
@@ -30,7 +30,7 @@
 "ccl": "unknown",
 "severity": {
 "id": 1,
- "level": "med"
+ "level": "High"
 }
 }
 },
diff --git a/Netskope/netskope_events/tests/test_audit_log_login_failed.json b/Netskope/netskope_events/tests/test_audit_log_login_failed.json
index 3a3635c42..d873a9224 100644
--- a/Netskope/netskope_events/tests/test_audit_log_login_failed.json
+++ b/Netskope/netskope_events/tests/test_audit_log_login_failed.json
@@ -31,7 +31,7 @@
 "ccl": "unknown",
 "severity": {
 "id": 1,
- "level": "med"
+ "level": "High"
 }
 }
 },
diff --git a/Netskope/netskope_events/tests/test_audit_log_login_successful.json b/Netskope/netskope_events/tests/test_audit_log_login_successful.json
index 3610e7704..4ddf2294e 100644
--- a/Netskope/netskope_events/tests/test_audit_log_login_successful.json
+++ b/Netskope/netskope_events/tests/test_audit_log_login_successful.json
@@ -30,7 +30,8 @@
 },
 "ccl": "unknown",
 "severity": {
- "id": 2
+ "id": 2,
+ "level": "Medium"
 }
 }
 },
diff --git a/Netskope/netskope_events/tests/test_audit_log_logout_successful.json b/Netskope/netskope_events/tests/test_audit_log_logout_successful.json
index 0bb9a3414..5d676e0bd 100644
--- a/Netskope/netskope_events/tests/test_audit_log_logout_successful.json
+++ b/Netskope/netskope_events/tests/test_audit_log_logout_successful.json
@@ -29,7 +29,8 @@
 },
 "ccl": "unknown",
 "severity": {
- "id": 2
+ "id": 2,
+ "level": "Medium"
 }
 }
 },
diff --git a/Netskope/netskope_events/tests/test_audit_log_password_change_successful.json b/Netskope/netskope_events/tests/test_audit_log_password_change_successful.json
index aa65a366c..817c24894 100644
--- a/Netskope/netskope_events/tests/test_audit_log_password_change_successful.json
+++ b/Netskope/netskope_events/tests/test_audit_log_password_change_successful.json
@@ -31,7 +31,7 @@
 "ccl": "unknown",
 "severity": {
 "id": 1,
- "level": "med"
+ "level": "High"
 }
 }
 },
diff --git a/Netskope/netskope_events/tests/test_dlp_alert.json b/Netskope/netskope_events/tests/test_dlp_alert.json
index 11b8f8f31..30ca8ab38 100644
--- a/Netskope/netskope_events/tests/test_dlp_alert.json
+++ b/Netskope/netskope_events/tests/test_dlp_alert.json
@@ -85,7 +85,10 @@
 "name": "LinkedIn",
 "suite": "Linkedin App"
 },
- "ccl": "medium"
+ "ccl": "medium",
+ "severity": {
+ "level": "unknown"
+ }
 }
 },
 "network": {
diff --git a/Netskope/netskope_events/tests/test_dlp_incident.json b/Netskope/netskope_events/tests/test_dlp_incident.json
index b3cb772d3..d5072d315 100644
--- a/Netskope/netskope_events/tests/test_dlp_incident.json
+++ b/Netskope/netskope_events/tests/test_dlp_incident.json
@@ -68,6 +68,9 @@
 "access_method": "Client",
 "application": {
 "name": "NextCloud"
+ },
+ "severity": {
+ "level": "Low"
 }
 }
 },
diff --git a/Netskope/netskope_events/tests/test_malware_alert.json b/Netskope/netskope_events/tests/test_malware_alert.json
index e1a0a66c5..e2b5e97de 100644
--- a/Netskope/netskope_events/tests/test_malware_alert.json
+++ b/Netskope/netskope_events/tests/test_malware_alert.json
@@ -65,7 +65,10 @@
 "category": "n/a",
 "name": "eicar"
 },
- "ccl": "unknown"
+ "ccl": "unknown",
+ "severity": {
+ "level": "high"
+ }
 }
 },
 "network": {
diff --git a/Netskope/netskope_events/tests/test_nspolicy_block.json b/Netskope/netskope_events/tests/test_nspolicy_block.json
index 404b5d4ab..5c440073c 100644
--- a/Netskope/netskope_events/tests/test_nspolicy_block.json
+++ b/Netskope/netskope_events/tests/test_nspolicy_block.json
@@ -58,7 +58,10 @@
 "category": "General",
 "name": "DNS Over HTTPS"
 },
- "ccl": "unknown"
+ "ccl": "unknown",
+ "severity": {
+ "level": "unknown"
+ }
 }
 },
 "network": {
diff --git a/Netskope/netskope_events/tests/test_nspolicy_log.json b/Netskope/netskope_events/tests/test_nspolicy_log.json
index 412ece514..46701fc9f 100644
--- a/Netskope/netskope_events/tests/test_nspolicy_log.json
+++ b/Netskope/netskope_events/tests/test_nspolicy_log.json
@@ -71,7 +71,10 @@
 "name": "Microsoft Office 365 Sharepoint Online",
 "suite": "Office365"
 },
- "ccl": "excellent"
+ "ccl": "excellent",
+ "severity": {
+ "level": "unknown"
+ }
 }
 },
 "network": {
diff --git a/Netskope/netskope_events/tests/test_nspolicy_upload.json b/Netskope/netskope_events/tests/test_nspolicy_upload.json
index 314e7d7e1..24d524e63 100644
--- a/Netskope/netskope_events/tests/test_nspolicy_upload.json
+++ b/Netskope/netskope_events/tests/test_nspolicy_upload.json
@@ -66,7 +66,10 @@
 "category": "Remote Access",
 "name": "App"
 },
- "ccl": "medium"
+ "ccl": "medium",
+ "severity": {
+ "level": "unknown"
+ }
 }
 },
 "network": {
diff --git a/Netskope/netskope_events/tests/test_user_alert.json b/Netskope/netskope_events/tests/test_user_alert.json
index bb5831a9c..a147abcf2 100644
--- a/Netskope/netskope_events/tests/test_user_alert.json
+++ b/Netskope/netskope_events/tests/test_user_alert.json
@@ -60,7 +60,10 @@
 "category": "Cloud Storage",
 "name": "WeTransfer"
 },
- "ccl": "low"
+ "ccl": "low",
+ "severity": {
+ "level": "unknown"
+ }
 }
 },
 "network": {