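# File names of endpoint-security, EDR and log-shipping agent processes.
# Kept in their vendor casing for readability and lower-cased once at import
# time, because the comparison in rule() is case-insensitive.
_EDR_AGENT_SUFFIXES = tuple(
    "\\" + name.lower()
    for name in (
        "AmSvc.exe",
        "cb.exe",
        "CETASvc.exe",
        "CNTAoSMgr.exe",
        "CrAmTray.exe",
        "CrsSvc.exe",
        "CSFalconContainer.exe",
        "CSFalconService.exe",
        "CybereasonAV.exe",
        "CylanceSvc.exe",
        "cyserver.exe",
        "CyveraService.exe",
        "CyvrFsFlt.exe",
        "EIConnector.exe",
        "elastic-agent.exe",
        "elastic-endpoint.exe",
        "EndpointBasecamp.exe",
        "ExecutionPreventionSvc.exe",
        "filebeat.exe",
        "fortiedr.exe",
        "hmpalert.exe",
        "hurukai.exe",
        "LogProcessorService.exe",
        "mcsagent.exe",
        "mcsclient.exe",
        "MsMpEng.exe",
        "MsSense.exe",
        "Ntrtscan.exe",
        "PccNTMon.exe",
        "QualysAgent.exe",
        "RepMgr.exe",
        "RepUtils.exe",
        "RepUx.exe",
        "RepWAV.exe",
        "RepWSC.exe",
        "sedservice.exe",
        "SenseCncProxy.exe",
        "SenseIR.exe",
        "SenseNdr.exe",
        "SenseSampleUploader.exe",
        "SentinelAgent.exe",
        "SentinelAgentWorker.exe",
        "SentinelBrowserNativeHost.exe",
        "SentinelHelperService.exe",
        "SentinelServiceHost.exe",
        "SentinelStaticEngine.exe",
        "SentinelStaticEngineScanner.exe",
        "sfc.exe",
        "sophos ui.exe",
        "sophosfilescanner.exe",
        "sophosfs.exe",
        "sophoshealth.exe",
        "sophosips.exe",
        "sophosLivequeryservice.exe",
        "sophosnetfilter.exe",
        "sophosntpservice.exe",
        "sophososquery.exe",
        "sspservice.exe",
        "TaniumClient.exe",
        "TaniumCX.exe",
        "TaniumDetectEngine.exe",
        "TMBMSRV.exe",
        "TmCCSF.exe",
        "TmListen.exe",
        "TmWSCSvc.exe",
        "Traps.exe",
        "winlogbeat.exe",
        "WSCommunicator.exe",
        "xagt.exe",
    )
)


def rule(event):
    """Match a Windows Filtering Platform block of an endpoint-security agent.

    Fires on Windows Security event 5157 (WFP blocked a connection) when the
    blocked ``Application`` path ends with the file name of a known EDR, AV or
    log-shipping agent. A block on such a process may mean filtering rules are
    being used to cut the agent off from its management or telemetry backend.

    Args:
        event: Log event exposing ``deep_get(key, default=...)``.

    Returns:
        True when the event is a 5157 block for one of the listed agent
        binaries, False otherwise.
    """
    event_id = event.deep_get("EventID", default="")
    # Accept the numeric form and its string form: log pipelines differ in
    # whether EventID arrives as an int or as text (schema not shown here).
    if event_id != 5157 and str(event_id).strip() != "5157":
        return False

    application = event.deep_get("Application", default="")
    if not isinstance(application, str):
        # A non-string value cannot name a binary; do not raise inside a rule.
        return False

    # Windows paths are case-insensitive and this field may be recorded in
    # lower case, so a case-sensitive suffix test would silently miss events.
    # NOTE(review): the match is on the file name only, so a same-named binary
    # in any directory also matches (e.g. "sfc.exe"); confirm the full path
    # during triage.
    return application.lower().endswith(_EDR_AGENT_SUFFIXES)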
