The HostIncident is "inferred" when it sees the ObjectDelete (the infer/incident actions are intended to raise visibility of potential issues so that you can track them). If the rule is firing, it is at least seeing the original ObjectDelete event as well.
2000, XP, and 2003 log this as Event ID 517: Windows Security Log Event ID 517 - The audit log was cleared
Vista, 2008, later log this as Event ID 1102: Windows Security Log Event ID 1102 - The audit log was cleared
They look almost identical though and should both trigger the rule.