This is the way to do it.
Step 1: You should install Sysmon on all computers.
Step 2: Configure Windows Event Subscription on a central Windows server to pull all Sysmon logs from clients and store them in "Forward Events".
Step 3: Install "NX Log Free Edition" on this Windows Server and configure it to send Syslog in JSON format to McAfee SIEM.
Step 4: Create a new device with IP on that Windows Server and enable Generic Syslog support.
Step 5: Enable the JSON parser on the device policy.
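
A sketch of the NXLog side of Step 3, added here as an example and not part of the original post. It assumes the subscription writes to the standard `ForwardedEvents` channel and that the SIEM receiver listens on UDP 514; the address `192.0.2.10` is a placeholder. These blocks go beneath the default header lines (`define ROOT`, `Moduledir` and so on) of the installed `nxlog.conf`.

```conf
# Added example: forward collected Sysmon events as JSON over syslog.
# The receiver address and port below are placeholders, not values from the post.

<Extension json>
    Module  xm_json
</Extension>

<Extension syslog>
    Module  xm_syslog
</Extension>

# Read the events that the Windows Event Subscription collected centrally.
<Input forwarded>
    Module  im_msvistalog
    Query   <QueryList><Query Id="0"><Select Path="ForwardedEvents">*</Select></Query></QueryList>
</Input>

# Serialize every event field to JSON, then wrap it in a BSD syslog header
# so the SIEM's generic syslog listener accepts it and its JSON parser can
# split the fields.
<Output siem>
    Module  om_udp
    Host    192.0.2.10
    Port    514
    Exec    $Message = to_json(); to_syslog_bsd();
</Output>

<Route forwarded_to_siem>
    Path    forwarded => siem
</Route>
```

UDP syslog is unauthenticated and unencrypted, and long Sysmon events can exceed a single datagram, so confirm on the receiver that the JSON arrives complete.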