diff --git a/monitor_agent.py b/monitor_agent.py
index 01e8dba..7130cb6 100755
--- a/monitor_agent.py
+++ b/monitor_agent.py
@@ -333,7 +333,7 @@ def analyze_data_locally(data, baselines, known_issues, port_applications):
         for ip, count in blocked_ips.items():
             if count > 10:
                 anomalies.append({
-                    "severity": "high",
+                    "severity": "medium",
                     "reason": f"High number of blocked connections ({count}) from IP address: {ip}"
                 })