SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing

Ok, installed and ran sysmon ... Now what?

quantuumsnot opened this issue · comments

For the average user, it's not clear enough from the Use section how to check the results of Sysmon in Event Viewer for possible malicious activity on the machine.

Yes, analysis is hard and not for the “average user”. Sysmon collects data. It does not analyse. A SIEM is pretty much essential given the volume of events. It takes knowledge and experience that needs to be developed in a person over time. An average user won’t have much luck unless they work at developing those skills, but then that’s not the average user.

Average user != beginner, which usually means a simple how-to will be sufficient enough.
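The question in this thread is how to actually look at what Sysmon recorded, and the reply above is right that Sysmon only collects. The script below is an added example, not code from the sysmon-config project or from anyone in this thread; it shows the first thing a practitioner does before any SIEM is involved: pull the last hour of events out of the Sysmon log with PowerShell, count them by event ID to see what the config is generating, and parse the process-creation events (ID 1) so the fields can be filtered by name. It assumes Sysmon is installed with its default log name (Microsoft-Windows-Sysmon/Operational) and that the shell has permission to read that log; the path filter at the end is a constructed triage heuristic, not a rule from the config.

```powershell
# Added example, not from the sysmon-config project or the issue thread.
# Assumes the default Sysmon log name and a shell that can read it (usually elevated).
$LogName = 'Microsoft-Windows-Sysmon/Operational'
$Since   = (Get-Date).AddHours(-1)

# A few of the event IDs Sysmon documents, for readable output.
$EventNames = @{
    1  = 'ProcessCreate'
    3  = 'NetworkConnect'
    7  = 'ImageLoad'
    8  = 'CreateRemoteThread'
    10 = 'ProcessAccess'
    11 = 'FileCreate'
    12 = 'RegistryEvent (Create/Delete)'
    13 = 'RegistryEvent (Value Set)'
    22 = 'DnsQuery'
}

$events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; StartTime = $Since } `
    -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning "No Sysmon events since $Since in '$LogName'. Is Sysmon installed and the shell elevated?"
    return
}

# 1. Volume by event ID: shows what the configuration is actually collecting.
$events | Group-Object Id | Sort-Object Count -Descending | ForEach-Object {
    $id = [int]$_.Name
    '{0,6}  ID {1,-3} {2}' -f $_.Count, $id, $EventNames[$id]
}

# 2. Process creations: parse the event XML so fields are addressed by name,
#    not by position in the Properties array.
$procs = foreach ($e in ($events | Where-Object Id -eq 1)) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.GetAttribute('Name')] = $n.InnerText }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        RuleName    = $d['RuleName']      # populated when the config names its rules
        User        = $d['User']
        Parent      = $d['ParentImage']
        Image       = $d['Image']
        CommandLine = $d['CommandLine']
    }
}

# 3. A constructed starting point for triage: executables launched from
#    user-writable locations. This is a heuristic for a human to read,
#    not a verdict; expect legitimate installers and updaters here too.
$procs |
    Where-Object { $_.Image -match '\\(Temp|AppData|Downloads|Public)\\' } |
    Sort-Object Time |
    Format-Table Time, User, Parent, Image, CommandLine -AutoSize -Wrap
```

Run it in an elevated PowerShell session on the host where Sysmon is installed. Step 1 is the quick sanity check that the config is loaded and producing the expected event mix; steps 2 and 3 are where the "analysis" the reply mentions begins, and the same parsing pattern (ToXml, then EventData/Data by Name) applies to every other Sysmon event ID.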