Those events are coming from the ACE Risk Manager. If you don't have a need for that Manager just disable it from the Correlation Management found in ACE Properties.
Because those events are generated by an ACE you can't filter them like on a Receiver and opt for ELM only.
This is because of risk correlation, in this case it is Destination IP Risk so it's not giving you any source IP address
Similarly for source IP Risk you will get only source IP's and destination is empty
And majorities are based on below
Risk correlation generates a risk score using rule-less correlation. Rule-based correlation only detects known threat patterns, requiring constant signature tuning and updates to be effective. Rule-less correlation replaces detection signatures with a one-time configuration: Identify what is important to your business (such as a particular service or application, a group of users, or specific types of data). Risk Correlation then tracks all activity related to those items, building a dynamic risk score that raises or lowers based on real-time activity.