for some events i have to exclude some users

My trasforms is:

[events-null]
REGEX=.
DEST_KEY=queue
FORMAT=nullQueue

[security-filter]
REGEX=(?msi)^EventCode=(528|538|551|529|680|534|533|532|539|537|531|530|540|535|4624|4672|4648|4625|4634|4647|536)\D
DEST_KEY=queue
FORMAT=indexQueue