def rule(event):
    if all(
        [
            event.deep_get("eventType", default="") == "policy.evaluate_sign_on",
            event.deep_get("target", "displayName", default="") == "Okta Admin Console",
            any(
                [
                    "POSITIVE"
                    in event.deep_get("debugContext", "debugData", "behaviors", default=""),
                    "POSITIVE"
                    in event.deep_get(
                        "debugContext", "debugData", "logOnlySecurityData", default=""
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
