// Undirected Graphviz graph whose nodes are repository-relative file paths (wrapped in
// square brackets) from a detection-rules project: rules/windows/*.toml,
// rules/cross-platform/*.toml, detection_rules/*.py and pyproject.toml.
//
// Each edge carries an integer label (only "1" and "2" occur here); the same number is
// reused as the edge's penwidth and the alpha byte of its color ("70" for 2, "5E" for 1),
// so edge weight is encoded visually as well as in the label.
// NOTE(review): the meaning of the weight is not given anywhere in this file. It looks like
// a pairwise co-occurrence count between the two files (e.g. how often they changed in the
// same commit) — confirm against the generator before drawing conclusions from it.
//
// Observations grounded in the edge list below (useful when auditing rule maintenance):
//   - Seven Windows rule files (privilege_escalation_unquoted_service_path, execution_mofcomp,
//     lateral_movement_via_wsus_update, defense_evasion_windows_filtering_platform,
//     defense_evasion_audit_policy_disabled_winlog, defense_evasion_lolbas_win_cdb_utility,
//     credential_access_dollar_account_relay) are pairwise connected at weight 2 — a complete
//     subgraph of 21 edges, presumably the same two batch changes touching all of them.
//   - discovery_whoami_command_activity, discovery_enumerating_domain_trusts_via_nltest and
//     command_and_control_tool_transfer_via_curl form a weight-2 triangle.
//   - detection_rules/main.py, docs.py and custom_rules.py each link to pyproject.toml at weight 2.
//   - Every remaining edge is weight 1 and joins otherwise unrelated rule files.
//
// Rendering caveat: node color (border) is "white" and bgcolor is "white", so node borders
// are invisible; only the deepskyblue2 fill delimits a node. This file is generated and
// collapsed onto a few physical lines; statements are only terminated by ';', so the line
// breaks below are not meaningful.
graph G { compound="true" rankdir="TB" bgcolor="white" fontname="Tahoma" node [ fixedsize="false" fontname="Tahoma" color="white" fillcolor="deepskyblue2" fontcolor="black" shape="box" style="filled" penwidth="1.0" ] edge [ fontname="Arial" color="#00688b" fontcolor="black" fontsize="12" arrowsize="0.5" penwidth="1.0" ] "[rules/windows/privilege_escalation_unquoted_service_path.toml]" -- "[rules/windows/execution_mofcomp.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/defense_evasion_audit_policy_disabled_winlog.toml]" -- "[rules/windows/credential_access_dollar_account_relay.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[detection_rules/main.py]" -- "[pyproject.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/lateral_movement_via_wsus_update.toml]" -- "[rules/windows/execution_mofcomp.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/lateral_movement_via_wsus_update.toml]" -- "[rules/windows/defense_evasion_windows_filtering_platform.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/lateral_movement_via_wsus_update.toml]" -- "[rules/windows/defense_evasion_audit_policy_disabled_winlog.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/execution_mofcomp.toml]" -- "[rules/windows/defense_evasion_windows_filtering_platform.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/privilege_escalation_unquoted_service_path.toml]" -- "[rules/windows/defense_evasion_audit_policy_disabled_winlog.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/defense_evasion_windows_filtering_platform.toml]" -- "[rules/windows/defense_evasion_lolbas_win_cdb_utility.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/discovery_whoami_command_activity.toml]" -- "[rules/windows/discovery_enumerating_domain_trusts_via_nltest.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/execution_mofcomp.toml]" -- 
"[rules/windows/defense_evasion_audit_policy_disabled_winlog.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/defense_evasion_lolbas_win_cdb_utility.toml]" -- "[rules/windows/defense_evasion_audit_policy_disabled_winlog.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/privilege_escalation_unquoted_service_path.toml]" -- "[rules/windows/lateral_movement_via_wsus_update.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/privilege_escalation_unquoted_service_path.toml]" -- "[rules/windows/credential_access_dollar_account_relay.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[detection_rules/docs.py]" -- "[pyproject.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/defense_evasion_windows_filtering_platform.toml]" -- "[rules/windows/credential_access_dollar_account_relay.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/execution_mofcomp.toml]" -- "[rules/windows/defense_evasion_lolbas_win_cdb_utility.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/privilege_escalation_unquoted_service_path.toml]" -- "[rules/windows/defense_evasion_windows_filtering_platform.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/execution_mofcomp.toml]" -- "[rules/windows/credential_access_dollar_account_relay.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/defense_evasion_lolbas_win_cdb_utility.toml]" -- "[rules/windows/credential_access_dollar_account_relay.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/privilege_escalation_unquoted_service_path.toml]" -- "[rules/windows/defense_evasion_lolbas_win_cdb_utility.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/discovery_whoami_command_activity.toml]" -- "[rules/windows/command_and_control_tool_transfer_via_curl.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; 
"[rules/windows/discovery_enumerating_domain_trusts_via_nltest.toml]" -- "[rules/windows/command_and_control_tool_transfer_via_curl.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/lateral_movement_via_wsus_update.toml]" -- "[rules/windows/defense_evasion_lolbas_win_cdb_utility.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[detection_rules/custom_rules.py]" -- "[pyproject.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/defense_evasion_windows_filtering_platform.toml]" -- "[rules/windows/defense_evasion_audit_policy_disabled_winlog.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/lateral_movement_via_wsus_update.toml]" -- "[rules/windows/credential_access_dollar_account_relay.toml]" [label=" 2 ", penwidth="2", color="#00688b70"]; "[rules/windows/initial_access_suspicious_ms_office_child_process.toml]" -- "[rules/windows/execution_enumeration_via_wmiprvse.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/persistence_msds_alloweddelegateto_krbtgt.toml]" -- "[rules/windows/execution_apt_solarwinds_backdoor_child_cmd_powershell.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/execution_initial_access_foxmail_exploit.toml]" -- "[rules/windows/discovery_admin_recon.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/credential_access_ldap_attributes.toml]" -- "[rules/windows/command_and_control_dns_tunneling_nslookup.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/credential_access_lsass_memdump_handle_access.toml]" -- "[rules/windows/defense_evasion_via_filter_manager.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/privilege_escalation_make_token_local.toml]" -- "[rules/windows/execution_suspicious_pdf_reader.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/credential_access_lsass_memdump_handle_access.toml]" -- 
"[rules/windows/lateral_movement_remote_file_copy_hidden_share.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/lateral_movement_remote_task_creation_winlog.toml]" -- "[rules/windows/defense_evasion_enable_inbound_rdp_with_netsh.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/defense_evasion_iis_httplogging_disabled.toml]" -- "[rules/cross-platform/command_and_control_google_drive_malicious_file_download.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/impact_volume_shadow_copy_deletion_or_resized_via_vssadmin.toml]" -- "[rules/windows/credential_access_wireless_creds_dumping.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/credential_access_dcsync_replication_rights.toml]" -- "[rules/cross-platform/command_and_control_google_drive_malicious_file_download.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/defense_evasion_execution_msbuild_started_by_system_process.toml]" -- "[rules/windows/credential_access_dnsnode_creation.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/persistence_remote_password_reset.toml]" -- "[rules/windows/defense_evasion_powershell_windows_firewall_disabled.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/privilege_escalation_newcreds_logon_rare_process.toml]" -- "[rules/windows/credential_access_wireless_creds_dumping.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/privilege_escalation_group_policy_iniscript.toml]" -- "[rules/windows/defense_evasion_workfolders_control_execution.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/execution_via_compiled_html_file.toml]" -- "[rules/windows/discovery_enumerating_domain_trusts_via_dsquery.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/privilege_escalation_krbrelayup_service_creation.toml]" -- "[rules/windows/collection_email_powershell_exchange_mailbox.toml]" [label=" 1 ", 
penwidth="1", color="#00688b5E"]; "[rules/windows/privilege_escalation_tokenmanip_sedebugpriv_enabled.toml]" -- "[rules/windows/impact_stop_process_service_threshold.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/persistence_via_windows_management_instrumentation_event_subscription.toml]" -- "[rules/windows/initial_access_rdp_file_mail_attachment.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/privilege_escalation_suspicious_dnshostname_update.toml]" -- "[rules/windows/privilege_escalation_group_policy_iniscript.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/persistence_system_shells_via_services.toml]" -- "[rules/windows/lateral_movement_execution_from_tsclient_mup.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/privilege_escalation_uac_bypass_mock_windir.toml]" -- "[rules/windows/defense_evasion_execution_lolbas_wuauclt.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; "[rules/windows/persistence_scheduled_task_creation_winlog.toml]" -- "[rules/windows/lateral_movement_remote_file_copy_hidden_share.toml]" [label=" 1 ", penwidth="1", color="#00688b5E"]; }