def rule(event):
    if any(
        [
            event.deep_get("TargetObject", default="").endswith(
                "\\DeviceGuard\\EnableVirtualizationBasedSecurity"
            ),
            event.deep_get("TargetObject", default="").endswith("\\DeviceGuard\\LsaCfgFlags"),
            event.deep_get("TargetObject", default="").endswith(
                "\\DeviceGuard\\RequirePlatformSecurityFeatures"
            ),
            event.deep_get("TargetObject", default="").endswith("\\Lsa\\LsaCfgFlags"),
        ]
    ):
        return True
    return False
