Check this
Current IP Address
This is the IP address the client has now (or had at the last time it talked to SEPM).
Historical IP Address
This is the IP address the client had when the attack occurred.
Remote Host IP
This is the IP address of the other guy (usually the guy attacked this system)