The short answer to your question is "no" the SIEM won't be able to figure this out on its own, you will need to wrangle the data a bit.
You may accomplish this type of tracking by (1) parsing the data correctly or (2) enriching the data using the correct fields with an appropriate lookup table.
The fields that you're describing are likely from multiple disparate data sources that parse the user information into different fields. For example, your AD logs are likely parsing user name (domain\user) into the Source User field by default while your e-mail addresses (from Exchange/FireEye/etc) are likely parsing user name (user@domain) into the Destination User field. In these examples you could modify the AD log parser to match the domain and username separately with a regex of (?P<domain>[^\x5c]+)\x5c(?P<user>[^\s]+) and store the matched user name in a new Custom Field that is setup as a String (lets just call it UserName). The e-mail log parser could be modified to match username and domain separately with a regex of (?P<user>[^\x40]+)\x40(?P<domain>[^\s]+) and store the matched user into the Custom Field UserName. This way you may be able to pivot off of or correlate a malicious inbound e-mail with the same user going to a suspicious domain.
You could also perform data enrichment on the appropriate fields of those data source using an LDAP query to pull back additional user information and then pivot or correlate off of the enriched data, however we have had much greater success with parsing the information into the appropriate fields first.
As a note, be aware of case sensitivity when storing the fields; for example if you did parse fields into UserName please know that to the SIEM John.Smith@domain.com => John.Smith is not the same as domain\john.smith => john.smith.
I hope this helps get you headed in the right direction.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.