I've worked it out 🙂
If its useful for anyone else you need to set your time range to what's required and use the following 3 commands in the logs tab, new query box:
// security incidents
// Retrieves all Security Incident work items generated in this solution.
SecurityIncident
| where Severity == "Low"
Then hit export. New query
// security incidents
// Retrieves all Security Incident work items generated in this solution.
SecurityIncident
| where Severity == "Medium"
Then hit export, New query
// security incidents
// Retrieves all Security Incident work items generated in this solution.
SecurityIncident
| where Severity == "High"
Then hit export... Winner
There's probably an easier way but this has worked for me 🙂