Sysmon Log Collection

Hello @john_keese,

So, with the agent enhancements you can monitor the System, Security and Application categories of Windows events; however, the Sysmon logs fall into the Operational category.
The agent today is hardcoded with those 3 categories only, but we are actively looking for improvements that will allow more flexibility.

As far as a workaround goes, you could leverage NXLog, which is a 3rd party agent capable of selecting a category and even event types from Windows, and it then sends them through syslog. This method would require you to set up a Custom Syslog event source, and the parsing would need to be done using the custom parser.

Hopefully we can bring more updates to our agent soon, but in the meantime I hope this information helps you.

Regards,
Felipe
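The NXLog workaround described in the reply above, written out as an added example (this is not configuration from the original post, from the vendor, or from the NXLog project). It assumes NXLog Community Edition running on the Windows host with Sysmon installed, a collector reachable at the placeholder address 10.0.0.5 on TCP port 514 where the Custom Syslog event source listens, and a filter that keeps only the constructed sample set of Sysmon event IDs 1 (process create), 3 (network connect) and 11 (file create); adjust the address, port and ID list to your environment.

```conf
# nxlog.conf on the Windows host (added example, not from the original post)

# xm_syslog provides the to_syslog_* conversion functions used in the output.
<Extension _syslog>
    Module  xm_syslog
</Extension>

# im_msvistalog reads from the Windows Event Log API. Sysmon writes to the
# "Microsoft-Windows-Sysmon/Operational" channel, which the built-in agent
# described above does not cover.
<Input sysmon>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
    # Optional: keep only the event types you intend to parse. The ID list is an
    # assumption for this example; drop the line to forward everything.
    Exec    if not ($EventID IN (1, 3, 11)) drop();
</Input>

# Forward over TCP in RFC 5424 (IETF) syslog framing. TCP avoids the UDP
# datagram size limit, which matters because Sysmon events (command lines,
# hashes, parent process details) are often longer than 1 KB.
# 10.0.0.5:514 is a placeholder for the Custom Syslog event source listener.
<Output collector>
    Module  om_tcp
    Host    10.0.0.5
    Port    514
    Exec    to_syslog_ietf();
</Output>

<Route sysmon_to_collector>
    Path    sysmon => collector
</Route>
```

The Sysmon fields (Image, CommandLine, ParentImage, DestinationIp, Hashes and so on) arrive inside the syslog message body, so the custom parser on the Custom Syslog event source still has to extract them; a quick way to check what the collector will receive is to run NXLog in the foreground (`nxlog -f`) and watch a single Sysmon event ID 1 appear after launching a known process on the host.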