def rule(event):
    if all(
        [
            any(
                [
                    event.deep_get("SourceImage", default="").endswith("\\explorer.exe"),
                    event.deep_get("SourceImage", default="").endswith("\\iexplore.exe"),
                    event.deep_get("SourceImage", default="").endswith("\\msiexec.exe"),
                    event.deep_get("SourceImage", default="").endswith("\\powerpnt.exe"),
                    event.deep_get("SourceImage", default="").endswith("\\schtasks.exe"),
                    event.deep_get("SourceImage", default="").endswith("\\winlogon.exe"),
                ]
            ),
            not any(
                [
                    all(
                        [
                            event.deep_get("SourceImage", default="")
                            == "C:\\Windows\\System32\\winlogon.exe",
                            event.deep_get("TargetImage", default="")
                            in [
                                "C:\\Windows\\System32\\services.exe",
                                "C:\\Windows\\System32\\wininit.exe",
                                "C:\\Windows\\System32\\csrss.exe",
                                "C:\\Windows\\System32\\LogonUI.exe",
                                "C:\\Windows\\System32\\wlrmdr.exe",
                                "C:\\Windows\\System32\\AtBroker.exe",
                                "C:\\Windows\\System32\\dwm.exe",
                                "C:\\Windows\\System32\\fontdrvhost.exe",
                                "C:\\Windows\\System32\\userinit.exe",
                            ],
                        ]
                    ),
                    all(
                        [
                            event.deep_get("SourceImage", default="")
                            == "C:\\Windows\\System32\\winlogon.exe",
                            event.deep_get("TargetParentProcessId", default="") == 4,
                        ]
                    ),
                    all(
                        [
                            event.deep_get("SourceImage", default="")
                            in [
                                "C:\\Windows\\System32\\schtasks.exe",
                                "C:\\Windows\\SysWOW64\\schtasks.exe",
                            ],
                            event.deep_get("TargetImage", default="")
                            == "C:\\Windows\\System32\\conhost.exe",
                        ]
                    ),
                    all(
                        [
                            event.deep_get("SourceImage", default="")
                            == "C:\\Windows\\explorer.exe",
                            any(
                                [
                                    event.deep_get("TargetImage", default="").startswith(
                                        "C:\\Program Files (x86)\\"
                                    ),
                                    event.deep_get("TargetImage", default="").startswith(
                                        "C:\\Program Files\\"
                                    ),
                                    event.deep_get("TargetImage", default="").startswith(
                                        "C:\\Windows\\System32\\"
                                    ),
                                    event.deep_get("TargetImage", default="").startswith(
                                        "C:\\Windows\\SysWOW64\\"
                                    ),
                                ]
                            ),
                        ]
                    ),
                    event.deep_get("TargetImage", default="") == "System",
                    all(
                        [
                            event.deep_get("SourceImage", default="").endswith("\\msiexec.exe"),
                            any(
                                [
                                    "\\AppData\\Local\\"
                                    in event.deep_get("TargetImage", default=""),
                                    "C:\\Program Files (x86)\\"
                                    in event.deep_get("TargetImage", default=""),
                                    "C:\\Program Files\\"
                                    in event.deep_get("TargetImage", default=""),
                                    "C:\\Windows\\Microsoft.NET\\Framework64\\"
                                    in event.deep_get("TargetImage", default=""),
                                ]
                            ),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("SourceImage", default="").endswith("\\msiexec.exe"),
                            event.deep_get("TargetImage", default="")
                            in [
                                "C:\\Windows\\System32\\msiexec.exe",
                                "C:\\Windows\\SysWOW64\\msiexec.exe",
                            ],
                        ]
                    ),
                    all(
                        [
                            event.deep_get("SourceImage", default="")
                            == "C:\\Program Files\\Internet Explorer\\iexplore.exe",
                            event.deep_get("TargetImage", default="")
                            in [
                                "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
                                "C:\\Windows\\System32\\rundll32.exe",
                            ],
                        ]
                    ),
                    all(
                        [
                            event.deep_get("SourceImage", default="").endswith("\\POWERPNT.EXE"),
                            any(
                                [
                                    "C:\\Program Files\\Microsoft Office\\"
                                    in event.deep_get("TargetImage", default=""),
                                    "C:\\Program Files (x86)\\Microsoft Office\\"
                                    in event.deep_get("TargetImage", default=""),
                                ]
                            ),
                        ]
                    ),
                    event.deep_get("TargetImage", default="") == "",
                    event.deep_get("TargetImage", default="") == "",
                ]
            ),
            not any(
                [
                    all(
                        [
                            event.deep_get("SourceImage", default="")
                            == "C:\\Program Files\\internet explorer\\iexplore.exe",
                            "https://" in event.deep_get("SourceCommandLine", default=""),
                            ".checkpoint.com/documents/"
                            in event.deep_get("SourceCommandLine", default=""),
                            "SmartConsole_OLH/" in event.deep_get("SourceCommandLine", default=""),
                            "default.htm#cshid=" in event.deep_get("SourceCommandLine", default=""),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("SourceImage", default="")
                            == "C:\\Program Files\\internet explorer\\iexplore.exe",
                            any(
                                [
                                    event.deep_get("SourceParentImage", default="").startswith(
                                        "C:\\Program Files\\"
                                    ),
                                    event.deep_get("SourceParentImage", default="").startswith(
                                        "C:\\Program Files (x86)\\"
                                    ),
                                ]
                            ),
                            "\\CheckPoint\\SmartConsole\\"
                            in event.deep_get("SourceParentImage", default=""),
                            "\\SmartConsole.exe" in event.deep_get("SourceParentImage", default=""),
                        ]
                    ),
                    all(
                        [
                            "\\Microsoft Office\\" in event.deep_get("SourceImage", default=""),
                            event.deep_get("SourceImage", default="").endswith("\\POWERPNT.EXE"),
                            event.deep_get("TargetImage", default="")
                            == "C:\\Windows\\System32\\csrss.exe",
                        ]
                    ),
                    all(
                        [
                            event.deep_get("SourceImage", default="")
                            == "C:\\Windows\\explorer.exe",
                            event.deep_get("TargetImage", default="").endswith(
                                "\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
                            ),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("SourceImage", default="")
                            == "C:\\Windows\\explorer.exe",
                            event.deep_get("TargetImage", default="").endswith(
                                "\\aurora-dashboard.exe"
                            ),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("SourceImage", default="")
                            == "C:\\Windows\\explorer.exe",
                            event.deep_get("TargetImage", default="").endswith("\\OfficeSetup.exe"),
                        ]
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
