is the Activate Rules button grayed out?
The only other common reason why rules don't fire is because the LEM Manager time is not synchronized. So, the event timestamps would fall outside the 'Response window' of your rule definition, and hence wouldn't fire.
You can infer time mismatch issues from the timestamps of the internal audit events that you see under the LEM Internal Events filter and the events for which you are trying to correlate