12-14-2004 05:57 AM - edited 03-10-2019 01:11 AM
Hi There
I have an interesting question. Has anyone seen an alert on Cisco IDS 3.1(5)S82, MP2P Client Scan alerts, with no info on SRC or DEST IP addresses? There is a positive scan happening, since we detected 751 alerts in 30 mins...
12-20-2004 06:54 AM
I haven't seen an alert without an IP address. Here is a link on Configuring Automatic IP Logging and Configuring and Tuning Signatures that might be of some use.
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mgt_ids/idsmc12/ug/ch05.htm
12-20-2004 01:57 PM
Thanks for the reply.
What is confusing me is that only this alert is triggering without an IP. All are OK.
12-20-2004 02:34 PM
Check the alert details to determine if this is a Global Summary alert.
If it is, then that would explain what is happening.
With a Global Summary the sensor will simply count the number of times the attack happens in a certain amount of time. Because it counts attacks from any source address to any destination address it does not individually report them.
If this happens to be the case, then there are changes to the sensor that can be made to prevent the alert from going into Global Summary mode so that individual addresses will be reported.
If you are not seeing this as a Global Summary, then there may be a bug that I am not aware of.
A copy of the alarm as it is recorded in the sensor's log file would be needed to debug further.
(Need the actual alarm as seen in the sensor log file; often screen captures from monitoring tools do not show all of the necessary alarm fields.)
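A simplified model of the Global Summary behaviour described in the reply above, added here as an example (it is not Cisco's code or any poster's). The `interval` and `threshold` parameters, the overflow rule and all event data are constructed assumptions, not IDS 3.1 settings.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Event:
    ts: int   # seconds since start of capture
    sig: str
    src: str
    dst: str

@dataclass(frozen=True)
class Alert:
    ts: int
    sig: str
    src: Optional[str]  # None: address not reported (summary alert)
    dst: Optional[str]
    count: int
    summary: bool

def report(events: List[Event], interval: int = 30, threshold: int = 3) -> List[Alert]:
    """Assumed rule: per signature and interval, the first `threshold` hits
    are reported individually; the rest are only counted, across all
    sources and destinations, into one address-less summary alert."""
    buckets = {}
    for ev in sorted(events, key=lambda e: e.ts):
        buckets.setdefault((ev.ts // interval, ev.sig), []).append(ev)
    alerts = []
    for (window, sig), hits in sorted(buckets.items()):
        for ev in hits[:threshold]:
            alerts.append(Alert(ev.ts, sig, ev.src, ev.dst, 1, False))
        overflow = hits[threshold:]
        if overflow:
            alerts.append(Alert((window + 1) * interval, sig, None, None,
                                len(overflow), True))
    return alerts

def hidden_pairs(events: List[Event], alerts: List[Alert]) -> List[Tuple[str, str, str]]:
    """Address pairs present in the raw events but in no individual alert:
    what an analyst loses when only the summary reaches the console."""
    seen = {(a.sig, a.src, a.dst) for a in alerts if not a.summary}
    return sorted({(e.sig, e.src, e.dst) for e in events} - seen)

# Constructed sample: six scan hits from six sources, one unrelated hit.
EVENTS = [Event(t, "MP2P Client Scan", f"192.0.2.{10 + t}", "198.51.100.5")
          for t in range(6)] + [Event(12, "Other Sig", "192.0.2.99", "198.51.100.7")]

if __name__ == "__main__":
    for alert in report(EVENTS):
        print(alert)
    print("not individually reported:", hidden_pairs(EVENTS, report(EVENTS)))
```
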