A security level represents a set of deny rules with different filter strengths. The security level is separately adjustable for each group on the Deny Rule tab of mappings. The overview on the global deny rule page (Application Firewall -> Deny Rules) indicates which deny rule is associated with which security levels. Using security levels, it is possible to adjust filter strength individually per attack type and mapping with a single click.
In order to change the security level on many groups and mappings at once, use the corresponding "bulk operations" on the reverse-proxy view.