Hi , Could you please provide little more details about the setup?

If it's a proxy and you are talking about http request based intrusive events, you can enable original client is option in NAP policy.

If you are talking about intrusion event for dns request going to your dns server from internal machines,the event details would show the requester client ip address seen by firepower.

Hope it helps,

Yogesh