When the rule triggers I assume you can see a corresponding 'InternalRuleFilred' event within the Rule Activity filter in the Monitor section?
If you then click on the rule in question & then Explore -> Event, this should show you the events that caused that rule to trigger.
Using the UserLogonFailure rule above as an example, the rule will trigger if there are 3 UserLogonFailure events within 10 seconds:
When I explore the InternalRuleFired event, I can then see which Logon Failure events caused that rule to trigger:
Does this work for your rule?