Trying to find alerts that got updated with an increased severity.
E.g. an alarm with severity major was sent to SOI. After some time the alert gets an update with the severity critical.
 
Different approaches were attempted with the Event Policy editor.
One attempt was using the property SeverityTrend. E.g. SeverityTrend=’Increasing’. But this does not seem to work.
Where does this property get its values from? 
 
Another attempt was checking for an update in a specified time with the following search criteria:
Event Pattern 1: AlertedMdrElementID=? and Severity='Minor'
Event Pattern 2: AlertedMdrElementID=? and Severity='Major'
All events occur within 30 seconds.
Sequence enforced checked.
 
This is working, but as it is not known what kind of an update will be sent for the severity, event policies have to be created for each possible combination. 

Release : 4.2

Component : SOI ALERT MANAGEMENT

Further background to this states that there is a helpdesk integration in place to open tickets from alarms.

Alarms are then automatically Acknowledged and such alarms are filtered from view, so operators are not aware of changes in severity.

The SeverityTrend property is available in the USM schema of Alarm so either it should come from the Source product or should be populated using the connector policy file.

The problem is that the previous Severity value is not retained in SOI and the alerts table contains only the current value so it is difficult to identify SeverityTrend in SOI.

The following two options can be tried:
1) Get SeverityTrend details from the source product and update the connector policy file to send this information in SOI. 
2) Populate SeverityTrend property by the connector policy file based on certain conditions.  

Once this property is populated, it can be used in Eventpolicy as required.

Possible values of SeverityTrend property can be one of "Increasing", "Decreasing", "NoChange", "Unknown"

In summary, the SOI manager itself does not track the alert severity level history, an enhancement request has been raised for such a feature to be implemented.