def rule(event):
    if all(
        [
            event.deep_get("c-useragent", default="")
            == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.54 Safari/537.36",
            event.deep_get("cs-method", default="") == "POST",
            event.deep_get("sc-status", default="") == 200,
            "/owa/mastermailbox" in event.deep_get("c-uri", default=""),
            "/powershell" in event.deep_get("c-uri", default=""),
        ]
    ):
        return True
    return False
