import re


def rule(event):
    if any(
        [
            re.match(
                r"^.*-Properties.*TrustedForDelegation.*$",
                event.deep_get("ScriptBlockText", default=""),
            ),
            re.match(
                r"^.*-Properties.*TrustedToAuthForDelegation.*$",
                event.deep_get("ScriptBlockText", default=""),
            ),
            re.match(
                r"^.*-Properties.*msDS-AllowedToDelegateTo.*$",
                event.deep_get("ScriptBlockText", default=""),
            ),
            re.match(
                r"^.*-Properties.*PrincipalsAllowedToDelegateToAccount.*$",
                event.deep_get("ScriptBlockText", default=""),
            ),
            re.match(
                r"^.*-LDAPFilter.*(userAccountControl:1.2.840.113556.1.4.803:=524288).*$",
                event.deep_get("ScriptBlockText", default=""),
            ),
        ]
    ):
        return True
    return False
