def rule(event):
    if all(
        [
            event.deep_get("auditType", "category", default="") == "Users and groups",
            event.deep_get("auditType", "action", default="")
            in [
                "User permissions export failed",
                "User permissions export started",
                "User permissions exported",
            ],
        ]
    ):
        return True
    return False
