SYSLOG entries all showing as Severity 6 from SEPM
Created: 10 Nov 2009
Physical testing and packet captures show that the SEPM is sending all external logging to a Syslog server as Severity 6.
According to our BCP rep that is not the expected behavior. I would expect entries for things like Viruses and other Critical Security logs to come through as a higher priority than a Warning Client Activity log. We want to use MS Ops manager to flow these alerts downstream into our helpdesk ticketing system and these unique Syslog severities would be a huge benefit.
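The check described in the post can be reproduced from a packet capture by decoding the `<PRI>` header of each syslog datagram (PRI = facility × 8 + severity). The following is an added example, not part of the original post; the payloads are constructed samples and do not reflect the actual SEPM message format.

```python
import re
from collections import Counter

# Severity names in numeric order (0-7), as defined for syslog PRI values.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(payload: bytes):
    """Return (facility, severity) for a syslog payload, or None if malformed."""
    m = PRI_RE.match(payload)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        return None
    return divmod(pri, 8)


def severity_summary(payloads):
    """Tally severities across payloads and flag a capture where all share one."""
    counts = Counter()
    malformed = 0
    for payload in payloads:
        decoded = decode_pri(payload)
        if decoded is None:
            malformed += 1
            continue
        counts[SEVERITIES[decoded[1]]] += 1
    return {
        "counts": dict(counts),
        "malformed": malformed,
        "uniform": len(counts) == 1,
    }


# Constructed UDP payloads (assumed text, for illustration only).
SAMPLE_PAYLOADS = [
    b"<134>Nov 10 10:00:01 mgmt01 example: threat detected on client A",
    b"<14>Nov 10 10:00:02 mgmt01 example: client activity warning",
    b"<54>Nov 10 10:00:03 mgmt01 example: definitions updated",
    b"payload without a PRI header",
]

if __name__ == "__main__":
    print(severity_summary(SAMPLE_PAYLOADS))
```

A result with `uniform` set to true and a single `info` bucket means every message arrived at severity 6 regardless of facility, so downstream routing cannot key on severity alone.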