I've started to test PowerShell logging within the SIEM and it doesn't look like the events are being parsed properly. Here is the text from an Event (800):
And here is how the SIEM sees it:
The packet has the data I'm looking for (blue highlight box):
Is this a parsing issue or just how the SIEM sees these types of events?
I usually check the Description tab as well to see if the mapping is being done for the field I'm interested in.
If McAfee didn't map it I think you should open a case.