@Dr Atul G- LNG  , thanks for your respond so can use existing OOO event "ci.change.unplanned"  or better to use Custom Event and Script only  ?

We can implement this, but my point is that the current setup is OOTB, while your request involves a custom event. I need to understand the underlying business use case.

@Dr Atul G- LNG  

Requirements:

1. Unauthorized change tasks should be limited to CIs where the environment is  in the following classes: AIX Server, Apache Web Server, Appliance, Cloud DataBase, Computer Peripheral, DB Instance Size, DB2 Subsystem, DynamoDB Table, ESX Server, F5 BIG-IP, Generic Application, IBM Frame, IBM Mainframe, IBM Mainframe LPAR, IBM MQ Manager, IBM Websphere, IBM zOS server, IP Router, IP Switch, JBoss, Jboss module, Kafka Broker, Kafka Connect, Kafka Zoo Keeper, Linux Server, MarkLogic, Microsoft iis Web Server, MongoDB Instance, MS SQL DataBase, MSFT SQL Instance, MySQL Instance, Network Gear, Oracle Database Listener, Oracle Instance, Oracle PDB Instance, PostgreSQL Instance, SAP Business Objects CMS server, Server, Solaris Server, SQL Server Analysis Services, SQL Server Reporting Services, Storage Cluster, Storage Node Element, Storage Server, Storage Switch, Sybase Instance, Tag-Based Application Service, Telephony, Tomcat, Tomcat WAR, Tuxedo, Weblogic, Weblogic Module Server, Websphere EAR, Windows Server.
2. The unauthorized change task generation should be limited to the following attributes: u_artifact_version, version, os_version, kernel_release, ip_address, fqdn, dns_domain, running_process, running_process_key_parameters, tcp_port