def rule(event):
    if all(
        [
            event.deep_get("Status", default="") == "Success",
            event.deep_get("AuthenticationRequirement", default="") == "singleFactorAuthentication",
            event.deep_get("RiskState", default="") == "atRisk",
            any(
                [
                    event.deep_get("DeviceDetail", "trusttype", default="") == "",
                    event.deep_get("DeviceDetail", "trusttype", default="") == "",
                ]
            ),
        ]
    ):
        return True
    return False
