When testing content with a specific number of matches. An incident is generated with fewer matches than expected, and fewer than the configured maximum matches.
You can test this by changing the policy to 'Count All Matches' and re-testing. You should see more matches than before, with the duplicates included, possibly up until you reach the Maximum Violation count.
Duplicate matches count towards the total number of violations allowed per the advanced server settings.
Namely:
IncidentDetection.patternConditionMaxViolations
DI.MaxViolations
The default for both of these is 100.
So if the content being inspected consists of 50 unique violations, followed by 50 duplicate violations, followed by 50 more unique violations. We will generate an incident with just 50 violations, because the duplicates counted towards the MaxViolations and resulted in hitting the default 100 violations before the remainder of the content was inspected.
You may consider using larger values for:
IncidentDetection.patternConditionMaxViolations
and
DI.MaxViolations
This will not outright solve the issue, but it will make detection more tolerant of duplicates, and will result in overall more matches in situations were many duplicates are present.