This is the way to do it.
Step 1: You should install Sysmon on all computers.
Step 2: Configure Windows Event Subscription on central Windows server to pull all Sysmon logs from clients and store in "Forward Events".
Step 3: Install on this Windows Server "NX Log Free Edition" and configure it to send Syslog in JSON format to McAfee SIEM.
Step 4: Create new device with IP on that Windows Server and enable Generic Syslog support.
Step 5: Enable JSON parser on the device policy.
Thank you for posting - I would caution anyone using this setup to double check the original Sysmon events and compare them against what the SIEM parses. You will find that the default parsers for events like ProcessCreate leave out critical information like parent processes etc - same goes for the parsing of 4688 events. To work around this we had to create our own application which pulls Sysmon logs and converts them to a flat text file to be ingested by the SIEM collector.
i have already done this now. i am getting the messages in syslog format and then created custom parsers for it to work. its excellent especially for things like hash information.