There is no visual notifications to show if a CAG is being matched. You would need to enable debug logging to review the CAG configuration in the debug log files. Please see the below KB article (applies to Host IPS 7.0, but is pretty much the same steps).
KB65560 - Troubleshooting Host Intrusion Prevention Connection Aware Groups
1 of 1 people found this helpful
A "workaround" could also be to name the rules in the CAG with a CAG specific prefix, e.g. name all rules in a VPN CAG -> "VPN-Allow all" and so on ...
The rule name is shown directly in the activity log of the HIPS gui.
Thanks to both of you (Kary and metalhead). This helps me a lot!