From the UDS Guide:
Severity: An attack definition can have a severity of low, medium, or high.
In case of McAfee Custom Attacks, you can specify the severity. You can also modify the severity of an existing custom attack.
In case of Snort, it is based on the priority value of the rule. For a rule, this priority could be derived on its classtype or the priority option.
If you add Priority:1 to the rule - it will show with a 'high severity' (not as mentioned on my last reply), while priority:3 (or maybe 4 - I can't remember) would be the lowest severity.
You will need to modify the snort rule to add the priority attribute, i.e:
alert udp any any -> any 53 (msg:"High NULL requests - Potential DNS Tunneling"; content:"|01 00|"; offset:2; within :4; content:"|00 00 0a 00 01|"; offset:12; within:255; threshold: type threshold, track by_src, count 10, seconds 5; sid: 5700001; priority:1; rev: 1)
This will show the SNORT rule on the master policy with a severity high (7 or above).
Also, another couple of points on the above rule and similar rules you want to use:
The custom attack editor guide has more details on what attributes are and are not supported when importing snort rules.