Correlation rules & nDepth searches work differently - rules work on multiple events but nDepth queries only work off single shared events.
I can see that you have UDPBombDenial & CoreAccess events in order for your rule to fire. You will need to determine what the main trigger is, which is likely the CoreAccess event. You could then note the time frames of that event & then query for other aspects to find events that might have matched during that timeframe.