If you are receiving ACL Deny alerts and Netprobes they should both contain the source and destination IP addresses.
Normally these types of messages arrive in pairs, the first telling you that the alert has been triggered (so many ACL deny events in a specific time frame) and the other containing a digest of the individual audit events. It is this second message where you will find the source and destination IP address details - along with protocol types, port numbers, etc...
I don't believe you can actually change the contents of these alert e-mails, but you'll find some customization of the when and how aspects of these messages are delivered in the Monitor -> Attack Responses and Monitor -> System Responses GUI screens.
Thanks PhilM for the answer.
I went into monitor->attack Responses and selected acl deny then selected response settings and added my email address for a contact. I apoligize I failed to tell you that the alerts were sent as txt messages to my phone ( maybe my flip phone won't display that much text). most of the times however I would just receive one txt message that would display basically the attack type and time I would post one but I have cleared them all. I will wait until I get one in my email and see what that does and let you know. Again thank you.
Phil you were right.
As usual when you want something to happen it doesn't I had to go into the firewall adjust the criteria in order to get a hit then checked my e-mail and it was there just like you said.