macOS Unified Logs: Is it possible to obtain missing security context (login user, source IP, AirDrop file names)?

I am currently working on security monitoring and incident investigation use cases on macOS and relying mainly on native logging sources such as Unified Logs, Security logs, and bash/zsh history.

However, I have noticed important limitations in the data available by default. In many cases, it is not possible to reliably identify:

• The local user who initiated a login session on the endpoint
• Source or destination IP addresses for user logins or remote access
• File names and details of files transferred via AirDrop
• Full context around certain authentication and user activity events

My question is whether macOS natively exposes this information through any log subsystem, configuration, or supported mechanism that may not be enabled by default (e.g., Unified Logging predicates, auditd/BSM, Endpoint Security framework, etc.), or if this level of visibility fundamentally requires third-party tools (EDR, MDM, agents).

Any guidance, documentation, or clarification from Apple engineers or experienced macOS admins would be greatly appreciated.