how does Symantec rate exploit/vulnerability before adding it to SEP IPS signatures?
Security response team looks into this before adding into IPS signature. THe ratings mostly have CVE.
Does it add "in the wild" exploit as well? How about exploit to Apache and such?
check these list of signatures available
http://www.symantec.com/security_response/attacksignatures/
Let say certain exploit is detected by different IPS (hardware IPS) but not by SEP IPS, how does we escalate it?
you can talk to support and request for addition of signature in SEP IPS.