def rule(event):
    if all(
        [
            event.deep_get("Image", default="").endswith("/git"),
            " clone " in event.deep_get("CommandLine", default=""),
            any(
                [
                    "exploit" in event.deep_get("CommandLine", default=""),
                    "Vulns" in event.deep_get("CommandLine", default=""),
                    "vulnerability" in event.deep_get("CommandLine", default=""),
                    "RCE" in event.deep_get("CommandLine", default=""),
                    "RemoteCodeExecution" in event.deep_get("CommandLine", default=""),
                    "Invoke-" in event.deep_get("CommandLine", default=""),
                    "CVE-" in event.deep_get("CommandLine", default=""),
                    "poc-" in event.deep_get("CommandLine", default=""),
                    "ProofOfConcept" in event.deep_get("CommandLine", default=""),
                    "proxyshell" in event.deep_get("CommandLine", default=""),
                    "log4shell" in event.deep_get("CommandLine", default=""),
                    "eternalblue" in event.deep_get("CommandLine", default=""),
                    "eternal-blue" in event.deep_get("CommandLine", default=""),
                    "MS17-" in event.deep_get("CommandLine", default=""),
                ]
            ),
        ]
    ):
        return True
    return False
