hi Will,
Your rule looks right. Are you seeing ProcessStart LEM Events like below if you run an nDepth query "Event Name" = ProcessStart ?
If not - as evileyes07 said, you need to first of all ensure there is an Agent installed on this computer. You will also need to ensure that the Process Tracking is enabled to generate a Windows Event log. See below
