def rule(event):
    if any(
        [
            all(
                [
                    event.deep_get("TargetObject", default="").endswith(
                        "\\SOFTWARE\\Policies\\Microsoft\\Edge\\BuiltInDnsClientEnabled"
                    ),
                    event.deep_get("Details", default="") == "DWORD (0x00000001)",
                ]
            ),
            all(
                [
                    event.deep_get("TargetObject", default="").endswith(
                        "\\SOFTWARE\\Google\\Chrome\\DnsOverHttpsMode"
                    ),
                    event.deep_get("Details", default="") == "secure",
                ]
            ),
            all(
                [
                    event.deep_get("TargetObject", default="").endswith(
                        "\\SOFTWARE\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\Enabled"
                    ),
                    event.deep_get("Details", default="") == "DWORD (0x00000001)",
                ]
            ),
        ]
    ):
        return True
    return False
