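def rule(event):
    """Flag a Service Control Manager 7023 event for a security-relevant service.

    Event ID 7023 is logged by the Service Control Manager when a service
    terminates with an error. The rule fires when that event names a service
    tied to host defences or logging, matched either by display-name text in
    ``param1`` or by a hex marker in ``Binary``.

    An unexpected stop of these services can be an ordinary fault or a sign
    that protection or logging was impaired, so a hit deserves triage against
    nearby service-control, process-creation and log-clearing activity on the
    same host.

    Args:
        event: Log event exposing ``deep_get(key, default=...)``.

    Returns:
        True when the event matches, False otherwise.
    """
    # Cheap identity checks first, so unrelated events exit before the content
    # fields are read or compared.
    if event.deep_get("Provider_Name", default="") != "Service Control Manager":
        return False
    # The ID is accepted as an int or as its string form, since a parser that
    # keeps it as text would otherwise silently disable the rule.
    if event.deep_get("EventID", default="") not in (7023, "7023"):
        return False

    # A null or non-string field must not raise: an exception inside a
    # detection means the event goes unevaluated.
    service_text = event.deep_get("param1", default="")
    if not isinstance(service_text, str):
        service_text = ""
    binary_hex = event.deep_get("Binary", default="")
    # Hex digits carry the same bytes in either case, so normalise before matching.
    binary_hex = binary_hex.lower() if isinstance(binary_hex, str) else ""

    # Substrings of service display names; the leading spaces on the first two
    # are part of the match. Matching is case-sensitive.
    # NOTE(review): param1 is presumably the service display name and so
    # locale-dependent; confirm coverage for non-English hosts.
    display_name_markers = (
        " Antivirus",
        " Firewall",
        "Application Guard",
        "BitLocker Drive Encryption Service",
        "Encrypting File System",
        "Microsoft Defender",
        "Threat Protection",
        "Windows Event Log",
    )
    if any(marker in service_text for marker in display_name_markers):
        return True

    # UTF-16LE hex of short service names, decoded in the trailing comments.
    # NOTE(review): each pattern encodes one exact casing of the name; confirm
    # the Binary field always carries that casing.
    short_name_hex_markers = (
        "770069006e0064006500660065006e006400",  # "windefend"
        "4500760065006e0074004c006f006700",  # "EventLog"
        "6d0070007300730076006300",  # "mpssvc"
        "530065006e0073006500",  # "Sense"
        "450046005300",  # "EFS"
        "420044004500530056004300",  # "BDESVC"
    )
    return any(marker in binary_hex for marker in short_name_hex_markers)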
