Depending on what it is you're after, the logs which Sysmon generates already exist within the Windows Event Viewer, and are therefore queryable with XDR. It will largely be dependent on what audit level you have across your environment for the detections or investigation to be possible. Hope this helps.