def rule(event):
    if event.deep_get("eventType", default="") == "security.threat.detected":
        return True
    return False
