During the testing of a QA/Staging detector (non-production) it was working as expected. Once you deployed the additional production (or second) detector, you are starting to see missing incidents in Enforce. This can happen even though Response Rules seem to be triggering properly from the associated policies.
Release : 15.8+
Please check the Enforce ID of your production Enforce and compare it to the Enforce ID of the staging/QA Enforce server. If these IDs are the same (typical from cloning environments), then this will cause a shipping conflict and incidents will be sent to whichever Enforce last connected to the Cloud Service Gateway. But a restart of the MonitorController on the other Enforce will "steal the focus" and incidents will be shipped to THAT server. Thus, incidents go missing.
You must deploy a unique Enforce environment with a unique Enforce ID, there cannot be multiple Enforce servers with the same ID and same MPKI cert (account). Please open a case with support for assistance with this issue.