def rule(event):
    if all(
        [
            "\\Microsoft\\Windows Defender\\Threats\\ThreatSeverityDefaultAction\\"
            in event.deep_get("TargetObject", default=""),
            any(
                [
                    event.deep_get("TargetObject", default="").endswith("\\1"),
                    event.deep_get("TargetObject", default="").endswith("\\2"),
                    event.deep_get("TargetObject", default="").endswith("\\4"),
                    event.deep_get("TargetObject", default="").endswith("\\5"),
                ]
            ),
            event.deep_get("Details", default="") in ["DWORD (0x00000006)", "DWORD (0x00000009)"],
        ]
    ):
        return True
    return False
