def rule(event):
    """Flag Windows events that set Kerberos-delegation or SPN attributes on an account.

    Returns True when either of the following holds, otherwise False:

    * ``EventID`` is 4738 and ``AllowedToDelegateTo`` holds something other
      than ``""`` or ``"-"``. A missing field reads as ``""`` and so does
      not match.
    * ``EventID`` is 5136 and ``AttributeLDAPDisplayName`` is
      ``msDS-AllowedToDelegateTo`` or
      ``msDS-AllowedToActOnBehalfOfOtherIdentity``, or is
      ``servicePrincipalName`` while ``ObjectClass`` is ``"user"``.

    The ``servicePrincipalName`` branch is the only one restricted by
    object class; the two delegation attributes match on any object class.
    """
    # NOTE(review): EventID is compared with ints below, so an event whose
    # EventID arrives as the string "4738"/"5136" will never match -- confirm
    # the type the log schema delivers.
    event_id = event.deep_get("EventID", default="")

    if event_id == 4738:
        # "" and "-" are both treated as "no delegation target present".
        delegate_to = event.deep_get("AllowedToDelegateTo", default="")
        return delegate_to not in ("", "-")

    if event_id != 5136:
        return False

    changed_attribute = event.deep_get("AttributeLDAPDisplayName", default="")

    # Delegation attributes fire regardless of the object class.
    if changed_attribute == "msDS-AllowedToDelegateTo":
        return True
    if changed_attribute == "msDS-AllowedToActOnBehalfOfOtherIdentity":
        return True

    # An SPN change only counts when the modified object is a user.
    if changed_attribute == "servicePrincipalName":
        return event.deep_get("ObjectClass", default="") == "user"

    return False
