I think it can do it with "X-Forwarded-For" header but not "Original Client IP" header.
https://www.cisco.com/c/dam/en/us/td/docs/security/firesight/531/PDFs/FireSIGHT-System-eStreamer-Integration-Guide-5-3-1.pdf page 77 of the pdf shows the detail...