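# Command-line substrings this rule treats as SharpView / PowerView function
# names. They are lower-cased once here so that rule() can compare them against
# a lower-cased command line (see the docstring for why case is ignored).
_SHARPVIEW_CMDLINE_TOKENS = tuple(
    token.lower()
    for token in (
        "Add-RemoteConnection",
        "Convert-ADName",
        "ConvertFrom-SID",
        "ConvertFrom-UACValue",
        "Convert-SidToName",
        "Export-PowerViewCSV",
        "Find-DomainObjectPropertyOutlier",
        "Find-DomainProcess",
        "Find-DomainShare",
        "Find-DomainUserEvent",
        "Find-DomainUserLocation",
        "Find-ForeignGroup",
        "Find-ForeignUser",
        "Find-GPOComputerAdmin",
        "Find-GPOLocation",
        "Find-Interesting",
        "Find-LocalAdminAccess",
        "Find-ManagedSecurityGroups",
        "Get-CachedRDPConnection",
        "Get-DFSshare",
        "Get-DomainComputer",
        "Get-DomainController",
        "Get-DomainDFSShare",
        "Get-DomainDNSRecord",
        "Get-DomainFileServer",
        "Get-DomainForeign",
        "Get-DomainGPO",
        "Get-DomainGroup",
        "Get-DomainGUIDMap",
        "Get-DomainManagedSecurityGroup",
        "Get-DomainObject",
        "Get-DomainOU",
        "Get-DomainPolicy",
        "Get-DomainSID",
        "Get-DomainSite",
        "Get-DomainSPNTicket",
        "Get-DomainSubnet",
        "Get-DomainTrust",
        "Get-DomainUserEvent",
        "Get-ForestDomain",
        "Get-ForestGlobalCatalog",
        "Get-ForestTrust",
        "Get-GptTmpl",
        "Get-GroupsXML",
        "Get-LastLoggedOn",
        "Get-LoggedOnLocal",
        "Get-NetComputer",
        "Get-NetDomain",
        "Get-NetFileServer",
        "Get-NetForest",
        "Get-NetGPO",
        "Get-NetGroupMember",
        "Get-NetLocalGroup",
        "Get-NetLoggedon",
        "Get-NetOU",
        "Get-NetProcess",
        "Get-NetRDPSession",
        "Get-NetSession",
        "Get-NetShare",
        "Get-NetSite",
        "Get-NetSubnet",
        "Get-NetUser",
        "Get-PathAcl",
        "Get-PrincipalContext",
        "Get-RegistryMountedDrive",
        "Get-RegLoggedOn",
        "Get-WMIRegCachedRDPConnection",
        "Get-WMIRegLastLoggedOn",
        "Get-WMIRegMountedDrive",
        "Get-WMIRegProxy",
        "Invoke-ACLScanner",
        "Invoke-CheckLocalAdminAccess",
        "Invoke-Kerberoast",
        "Invoke-MapDomainTrust",
        "Invoke-RevertToSelf",
        "Invoke-Sharefinder",
        "Invoke-UserImpersonation",
        "Remove-DomainObjectAcl",
        "Remove-RemoteConnection",
        "Request-SPNTicket",
        "Set-DomainObject",
        "Test-AdminAccess",
    )
)


def rule(event):
    """Return True when a process event looks like SharpView execution.

    The event matches when ANY of the following holds:

    * ``OriginalFileName`` equals ``SharpView.exe``;
    * ``Image`` ends with ``\\SharpView.exe``;
    * ``CommandLine`` contains one of the function names listed in
      ``_SHARPVIEW_CMDLINE_TOKENS``.

    All comparisons ignore case. Windows paths are case-insensitive, so a
    case-sensitive check on ``Image`` would miss ``sharpview.exe`` launched
    under a differently-cased name, and a differently-cased function name on
    the command line would slip past a case-sensitive substring test.

    Triage notes:

    * The command-line branch does not depend on the image name, so it also
      fires for other processes whose command line contains these strings
      (for example a PowerShell session calling the same function names).
    * For a renamed binary whose version metadata no longer says
      ``SharpView.exe``, the command-line branch is the only one left.

    Args:
        event: Log event exposing ``deep_get(key, default=...)``. The field
            names look like Sysmon-style process-creation fields -- confirm
            against the log type this rule is attached to.

    Returns:
        bool: True if the event matches, False otherwise.
    """
    # `or ""` keeps the rule from raising if a field is present but null.
    original_name = (event.deep_get("OriginalFileName", default="") or "").lower()
    image_path = (event.deep_get("Image", default="") or "").lower()
    if original_name == "sharpview.exe" or image_path.endswith("\\sharpview.exe"):
        return True

    # Read the command line once instead of once per token.
    command_line = (event.deep_get("CommandLine", default="") or "").lower()
    return any(token in command_line for token in _SHARPVIEW_CMDLINE_TOKENS)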
