def rule(event):
    if all(
        [
            event.deep_get("type", default="") == "SYSCALL",
            event.deep_get("SYSCALL", default="") == "sysinfo",
            not event.deep_get("exe", default="").endswith("/bin/splunkd"),
        ]
    ):
        return True
    return False
