def rule(event):
    if all(
        [
            "Set-MpPreference" in event.deep_get("Data", default=""),
            any(
                [
                    any(
                        [
                            "-dbaf $true" in event.deep_get("Data", default=""),
                            "-dbaf 1" in event.deep_get("Data", default=""),
                            "-dbm $true" in event.deep_get("Data", default=""),
                            "-dbm 1" in event.deep_get("Data", default=""),
                            "-dips $true" in event.deep_get("Data", default=""),
                            "-dips 1" in event.deep_get("Data", default=""),
                            "-DisableArchiveScanning $true" in event.deep_get("Data", default=""),
                            "-DisableArchiveScanning 1" in event.deep_get("Data", default=""),
                            "-DisableBehaviorMonitoring $true"
                            in event.deep_get("Data", default=""),
                            "-DisableBehaviorMonitoring 1" in event.deep_get("Data", default=""),
                            "-DisableBlockAtFirstSeen $true" in event.deep_get("Data", default=""),
                            "-DisableBlockAtFirstSeen 1" in event.deep_get("Data", default=""),
                            "-DisableCatchupFullScan $true" in event.deep_get("Data", default=""),
                            "-DisableCatchupFullScan 1" in event.deep_get("Data", default=""),
                            "-DisableCatchupQuickScan $true" in event.deep_get("Data", default=""),
                            "-DisableCatchupQuickScan 1" in event.deep_get("Data", default=""),
                            "-DisableIntrusionPreventionSystem $true"
                            in event.deep_get("Data", default=""),
                            "-DisableIntrusionPreventionSystem 1"
                            in event.deep_get("Data", default=""),
                            "-DisableIOAVProtection $true" in event.deep_get("Data", default=""),
                            "-DisableIOAVProtection 1" in event.deep_get("Data", default=""),
                            "-DisableRealtimeMonitoring $true"
                            in event.deep_get("Data", default=""),
                            "-DisableRealtimeMonitoring 1" in event.deep_get("Data", default=""),
                            "-DisableRemovableDriveScanning $true"
                            in event.deep_get("Data", default=""),
                            "-DisableRemovableDriveScanning 1"
                            in event.deep_get("Data", default=""),
                            "-DisableScanningMappedNetworkDrivesForFullScan $true"
                            in event.deep_get("Data", default=""),
                            "-DisableScanningMappedNetworkDrivesForFullScan 1"
                            in event.deep_get("Data", default=""),
                            "-DisableScanningNetworkFiles $true"
                            in event.deep_get("Data", default=""),
                            "-DisableScanningNetworkFiles 1" in event.deep_get("Data", default=""),
                            "-DisableScriptScanning $true" in event.deep_get("Data", default=""),
                            "-DisableScriptScanning 1" in event.deep_get("Data", default=""),
                            "-MAPSReporting $false" in event.deep_get("Data", default=""),
                            "-MAPSReporting 0" in event.deep_get("Data", default=""),
                            "-drdsc $true" in event.deep_get("Data", default=""),
                            "-drdsc 1" in event.deep_get("Data", default=""),
                            "-drtm $true" in event.deep_get("Data", default=""),
                            "-drtm 1" in event.deep_get("Data", default=""),
                            "-dscrptsc $true" in event.deep_get("Data", default=""),
                            "-dscrptsc 1" in event.deep_get("Data", default=""),
                            "-dsmndf $true" in event.deep_get("Data", default=""),
                            "-dsmndf 1" in event.deep_get("Data", default=""),
                            "-dsnf $true" in event.deep_get("Data", default=""),
                            "-dsnf 1" in event.deep_get("Data", default=""),
                            "-dss $true" in event.deep_get("Data", default=""),
                            "-dss 1" in event.deep_get("Data", default=""),
                        ]
                    ),
                    any(
                        [
                            "HighThreatDefaultAction Allow" in event.deep_get("Data", default=""),
                            "htdefac Allow" in event.deep_get("Data", default=""),
                            "LowThreatDefaultAction Allow" in event.deep_get("Data", default=""),
                            "ltdefac Allow" in event.deep_get("Data", default=""),
                            "ModerateThreatDefaultAction Allow"
                            in event.deep_get("Data", default=""),
                            "mtdefac Allow" in event.deep_get("Data", default=""),
                            "SevereThreatDefaultAction Allow" in event.deep_get("Data", default=""),
                            "stdefac Allow" in event.deep_get("Data", default=""),
                        ]
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
