def rule(event):
    if all(
        [
            event.deep_get("EventID", default="") == 1119,
            event.deep_get("SourceName", default="") == "Real-Time Protection",
            any(
                [
                    all(
                        [
                            event.deep_get("Path", default="").endswith(
                                "\\TieringEngineService.exe"
                            ),
                            event.deep_get("ThreatName", default="").endswith("EICAR_Test_File"),
                        ]
                    ),
                    event.deep_get("ProcessName", default="").endswith("\\RedSun.exe"),
                ]
            ),
        ]
    ):
        return True
    return False
