Of course this is going to sound like a shameless plug, but honestly, the easiest way to do this is with the Prelert Anomaly Detective app.
Using the QuickMode feature, you can literally put this search in:
sourcetype=pan_threat severity!=informational | timechart count
and Anomaly Detective will automatically take care of baselining the normal occurrence rate and will offer you the ability to alert on significant deviations in the data (and, if you'd like, also ongoing, running in the background as well). How it works video: http://support.prelert.com/customer/portal/articles/1417340-quickmode
By the way, don't get caught up in trying to use standard deviation as your approach to express anomalousness. Standard deviation assumes that the data samples (in this case, "counts of events") conform to a nice, symmetrical Gaussian bell curve. In most cases, counts of things are better modeled by Poisson curves. Anomaly Detective automatically figures out the best statistical model for your data to maximize accuracy and minimize false alerting.
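An added illustration of the standard deviation versus Poisson point above. It is not part of the original answer and not Anomaly Detective's method. The hourly counts are constructed and the function names are hypothetical.

```python
import math
from statistics import mean, pstdev

# Constructed hourly counts of non-informational pan_threat events (quiet baseline).
BASELINE = [2, 0, 1, 3, 1, 0, 2, 1, 4, 1, 0, 2,
            3, 1, 1, 0, 2, 1, 5, 1, 2, 0, 1, 2]

# One-sided tail probability a Gaussian model promises beyond 3 sigma (~0.00135).
NOMINAL_ALPHA = 0.5 * math.erfc(3 / math.sqrt(2))

def poisson_sf(k, lam):
    """P(X >= k) for X ~ Poisson(lam)."""
    if k <= 0:
        return 1.0
    term = math.exp(-lam)      # P(X = 0)
    cdf = term
    for i in range(1, k):      # accumulate P(X = 1) .. P(X = k-1)
        term *= lam / i
        cdf += term
    return max(0.0, 1.0 - cdf)

def gaussian_threshold(counts, n_sigma=3.0):
    """Smallest integer count that exceeds mean + n_sigma * stddev."""
    return math.floor(mean(counts) + n_sigma * pstdev(counts)) + 1

def poisson_threshold(counts, alpha=NOMINAL_ALPHA):
    """Smallest k with P(X >= k) <= alpha, using the sample mean as the rate."""
    lam = mean(counts)
    k = 0
    while poisson_sf(k, lam) > alpha:
        k += 1
    return k

def compare(counts):
    """Both alert thresholds, plus the false-alert rate each one really has
    if the counts are Poisson distributed."""
    lam = mean(counts)
    g, p = gaussian_threshold(counts), poisson_threshold(counts)
    return {"rate": lam,
            "gaussian_threshold": g, "gaussian_real_alpha": poisson_sf(g, lam),
            "poisson_threshold": p, "poisson_real_alpha": poisson_sf(p, lam),
            "lower_3sigma_bound": lam - 3 * pstdev(counts)}

if __name__ == "__main__":
    for name, value in compare(BASELINE).items():
        print(f"{name:>20}: {value:.5f}")
```

On this baseline the 3-sigma rule alerts at 6 events per hour and, under a Poisson model, fires about three times as often as the Gaussian tail suggests, while its lower bound is negative and can never flag an unusually quiet hour.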