Got an answer from McAfee...
They do not know either what it is supposed to be (lol) and admit that the fields is set to different values depending on the log type. (e.g the host field should be set to the datasource name unless it is a connection event were it is populated with the hostname of the client which connected.)
I will eventually log a PER to transform this field into 3 different fields:
But again I doubt it will be pushed to the product...