def rule(event):
    if event.deep_get("operationName", default="") in [
        "MICROSOFT.KEYVAULT/VAULTS/WRITE",
        "MICROSOFT.KEYVAULT/VAULTS/DELETE",
        "MICROSOFT.KEYVAULT/VAULTS/DEPLOY/ACTION",
        "MICROSOFT.KEYVAULT/VAULTS/ACCESSPOLICIES/WRITE",
    ]:
        return True
    return False
