In testing of these alerts and policies on a test JVM, I have found that if you have the Trigger set to Severity Change you get an alert both when it goes into a critical state, also when it returns to normal.  I don’t know if this is a bug or if I am just not understanding the process properly.

But, of the email alerts I get in testing where I have enabled most of the variables in my channel so I can try to see as much as possible, the Severity is marked as information.   I don’t understand why when my policy clearly shows the filter Severity to be critical, do I get an alert where it shows the severity was information.

Release : SAAS

This is by design.  If you have the Trigger set for "Severity Change", you will get a notification for both when it goes above a severity level and when it goes back down below that severity level.  So a notification that it breached the major/critical threshold and another one that it returned back to normal (when it does so).