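def rule(event):
    """Flag a change to a dMSA's ``msDS-ManagedAccountPrecededByLink`` attribute.

    Matches Windows Security event 5136 (a directory service object was
    modified) when the object class is ``msDS-DelegatedManagedServiceAccount``
    and the modified attribute is ``msDS-ManagedAccountPrecededByLink``,
    unless the acting account is on the exclusion list below.

    Args:
        event: Log event exposing ``deep_get(key, default=...)``.

    Returns:
        True when the event should raise an alert, otherwise False.
    """
    # Exclusions are exact, case-sensitive string matches.
    # NOTE(review): "%Administrators%" looks like an unexpanded placeholder
    # (possibly from a rule conversion). As an exact match it only excludes an
    # account literally named "%Administrators%", so administrator activity
    # still alerts. Replace it with the real account names if an exclusion is
    # intended; keep that list as narrow as possible.
    excluded_subjects = ("SYSTEM", "%Administrators%")

    # Compare the event ID as text so the rule fires whether the log pipeline
    # delivers it as the integer 5136 or the string "5136". A strict integer
    # comparison would silently miss every event in the second case.
    if str(event.deep_get("EventID", default="")) != "5136":
        return False

    if event.deep_get("ObjectClass", default="") != "msDS-DelegatedManagedServiceAccount":
        return False

    if (
        event.deep_get("AttributeLDAPDisplayName", default="")
        != "msDS-ManagedAccountPrecededByLink"
    ):
        return False

    # A missing SubjectAccountName defaults to "" and therefore still alerts:
    # an event with no attributable actor is not treated as trusted.
    return event.deep_get("SubjectAccountName", default="") not in excluded_subjects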
