Whenever there's an issue with a policy that uses Indexed Document Matching (IDM) detection rules, one of the possible reasons may be that the IDM index generated on Enforce has not been successfully deployed to the Detection Server that should be generating the incident.
There are a couple of ways to check if the IDM index has been properly pushed out to the detection server. Follow the steps below: