Bump severities to high (#775)

Author: jkamdjou

detection-rules/attachment_docusign_image_suspicious_links.yml

@@ -1,7 +1,7 @@
 name: "Attachment: DocuSign image lure with no DocuSign domains in links"
 description: "Detects DocuSign phishing emails with no DocuSign links, a DocuSign logo attached, from a first-time sender."
 type: "rule"
-severity: "medium"
+severity: "high"
 source: |
   type.inbound
   and length(filter(attachments, .file_type not in $file_types_images)) == 0

detection-rules/attachment_microsoft_image_lure_qr_code.yml

@@ -2,7 +2,7 @@ name: "Brand impersonation: Microsoft (QR code)"
 description: |
   Detects messages using Microsoft image based lures, referencing or including a QR code from an Unsolicited sender. These messages often lead users to phishing sites or initiate unwanted downloads.
 type: "rule"
-severity: "medium"
+severity: "high"
 source: |
   type.inbound
   and (

detection-rules/attachment_office365_image.yml

@@ -2,7 +2,7 @@ name: "Attachment: Office365 image (unsolicited)"
 description: |
   Looks for messages with an image attachment that contains words related to Microsoft, Office365, and passwords.
 type: "rule"
-severity: "medium"
+severity: "high"
 source: |
   type.inbound
   and length(filter(attachments, .file_type not in $file_types_images)) == 0