def rule(event):
    if all(
        [
            event.deep_get("Provider_Name", default="")
            == "Microsoft-Windows-SoftwareRestrictionPolicies",
            event.deep_get("EventID", default="") in [865, 866, 867, 868, 882],
        ]
    ):
        return True
    return False
