Rudimentary OSSEC/Wazuh decoder for Sysmon For Linux events. Sysmon For Linux writes every event as an XML document inside a syslog message, so the decoder picks the event out of the syslog line and exposes its fields to the rule engine. Drop it in /var/ossec/etc/decoders on the manager (decoders run on the manager, not on the agents), make sure the agent is collecting the syslog file Sysmon writes to, restart OSSEC/Wazuh and start writing detection rules like you would do for Windows Sysmon events! Before writing rules, paste one raw Sysmon line into ossec-logtest (or wazuh-logtest) to confirm the decoder is loaded and that the fields you plan to match on are actually extracted.
It's not perfect, but it will have to do until Sysmon For Linux supports JSON output and a separate log file, so the event no longer has to be carved out of a syslog line! Meanwhile, feel free to make suggestions for improvements.
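To show what the decoder has to do with a Sysmon For Linux syslog line, and what a rule written against the decoded fields looks like, here is an added stand-alone Python example; it is not the decoder from this repository and not part of Sysmon For Linux. It splits the syslog header from the XML event, flattens `<System>` and `<EventData>` into a dict of fields, and runs a toy "web server spawned a shell" rule over the result. The sample log line is constructed for this example (the GUIDs, host name, PIDs and paths are made up), and the sets of web-server and shell process names are assumptions of the toy rule, not anything the decoder defines.

```python
import re
import xml.etree.ElementTree as ET
from posixpath import basename

# Constructed sample (not captured from a real host): a Sysmon For Linux
# process-creation event (EventID 1) the way syslog stores it, on one line.
SAMPLE_LINE = (
    'Oct 15 12:34:56 lab-host sysmon: '
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    '<System><Provider Name="Linux-Sysmon" Guid="{00000000-0000-0000-0000-000000000000}"/>'
    '<EventID>1</EventID><Version>5</Version><Level>4</Level><Task>1</Task>'
    '<Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords>'
    '<TimeCreated SystemTime="2021-10-15T12:34:56.000000000Z"/>'
    '<EventRecordID>42</EventRecordID><Correlation/>'
    '<Execution ProcessID="1001" ThreadID="1001"/>'
    '<Channel>Linux-Sysmon/Operational</Channel><Computer>lab-host</Computer>'
    '<Security UserId="0"/></System><EventData>'
    '<Data Name="RuleName">-</Data><Data Name="UtcTime">2021-10-15 12:34:56.000</Data>'
    '<Data Name="ProcessGuid">{00000000-0000-0000-0000-000000000001}</Data>'
    '<Data Name="ProcessId">4242</Data><Data Name="Image">/usr/bin/bash</Data>'
    '<Data Name="CommandLine">bash -i</Data><Data Name="CurrentDirectory">/tmp</Data>'
    '<Data Name="User">www-data</Data><Data Name="ParentProcessId">4000</Data>'
    '<Data Name="ParentImage">/usr/sbin/apache2</Data>'
    '<Data Name="ParentCommandLine">/usr/sbin/apache2 -k start</Data>'
    '</EventData></Event>'
)

# Everything before the "sysmon:" tag is the syslog header; the XML event follows.
# Depending on the syslog daemon the tag may carry a "[pid]", so accept both.
SYSLOG_RE = re.compile(r'^(?P<header>.*?)\bsysmon(?:\[\d+\])?:\s*(?P<xml><Event\b.*</Event>)\s*$')

SYSTEM_TEXT_FIELDS = {"EventID", "Channel", "Computer", "EventRecordID"}


def _local(tag):
    """Strip the XML namespace so '{ns}EventID' and 'EventID' compare equal."""
    return tag.rsplit('}', 1)[-1]


def decode_sysmon_line(line):
    """Return a flat dict of fields for one Sysmon For Linux syslog line.

    Returns None for lines that are not Sysmon events or whose XML is not
    well-formed (e.g. an event cut off by the syslog daemon's message-size
    limit), so a caller can count those instead of crashing on them.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    try:
        root = ET.fromstring(m.group("xml"))
    except ET.ParseError:
        return None
    fields = {"syslog_header": m.group("header").strip()}
    for el in root.iter():
        name = _local(el.tag)
        if name in SYSTEM_TEXT_FIELDS:
            fields[name] = (el.text or "").strip()
        elif name == "Provider":
            fields["Provider"] = el.get("Name", "")
        elif name == "TimeCreated":
            fields["SystemTime"] = el.get("SystemTime", "")
        elif name == "Data" and el.get("Name"):
            # <Data Name="Image">...</Data> becomes fields["Image"], like on Windows
            fields[el.get("Name")] = (el.text or "").strip()
    return fields


# Toy rule of the kind one ports from a Windows Sysmon ruleset: a web-server
# worker spawning a shell (EventID 1) is a classic web-shell / reverse-shell
# signal. The process-name sets are assumptions made for this example.
WEB_SERVER_IMAGES = {"apache2", "httpd", "nginx", "php-fpm"}
SHELL_IMAGES = {"sh", "bash", "dash", "zsh"}


def web_server_spawned_shell(fields):
    """True when a process-creation event shows a web server launching a shell."""
    if fields is None or fields.get("EventID") != "1":
        return False
    return (basename(fields.get("ParentImage", "")) in WEB_SERVER_IMAGES
            and basename(fields.get("Image", "")) in SHELL_IMAGES)


def scan(lines):
    """Decode each line and return the fields of every event the rule fires on."""
    hits = []
    for line in lines:
        fields = decode_sysmon_line(line)
        if web_server_spawned_shell(fields):
            hits.append(fields)
    return hits


if __name__ == "__main__":
    for hit in scan([SAMPLE_LINE]):
        print(f"ALERT {hit['SystemTime']} {hit['Computer']}: {hit['ParentImage']} -> "
              f"{hit['Image']} ({hit['CommandLine']}) as {hit['User']}")
```

Two practical points the example encodes: the whole event lives on a single syslog line, so a syslog daemon that caps message size (rsyslog's default is 8 KiB) can truncate a long command line and leave the XML unparseable, which is why the parser returns None rather than raising; and the field names come straight from the `Name` attributes of the `<Data>` elements, which is what lets Windows-style rules on `Image`, `CommandLine` and `ParentImage` carry over once the decoder exposes them.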