// Undirected Graphviz graph whose nodes are repository file paths (wrapped in
// square brackets) and whose edges carry an integer weight from 4 to 7.
// The file does not say what the weight measures; presumably it counts how
// often the two files changed together. Confirm against the generator before
// drawing conclusions from it.
// NOTE(review): equal-weight cliques are also what a few bulk commits touching
// every file in a directory would produce, so an edge here is a prompt to
// review sibling detection rules together, not proof that they depend on
// each other.
graph G {
  // Graph-level attributes. No cluster subgraph or lhead/ltail appears in this
  // file, so compound has nothing to act on here.
  compound="true";
  rankdir="TB";
  bgcolor="white";
  fontname="Tahoma";

  // Defaults applied to every node.
  node [
    fixedsize="false"
    fontname="Tahoma"
    color="white"
    fillcolor="deepskyblue2"
    fontcolor="black"
    shape="box"
    style="filled"
    penwidth="1.0"
  ];

  // Defaults applied to every edge. Each edge below overrides penwidth and
  // color; arrowsize is set although the edges are undirected ("--").
  edge [
    fontname="Arial"
    color="#00688b"
    fontcolor="black"
    fontsize="12"
    arrowsize="0.5"
    penwidth="1.0"
  ];

  // Per-edge encoding: label and penwidth repeat the same weight, and the
  // alpha byte appended to #00688b rises with it (4 -> 93, 5 -> A5, 6 -> B7,
  // 7 -> C9). Statement order is kept as generated, heaviest edges first.

  // ---- weight 7 ----
  "[detection_rules/etc/stack-schema-map.yaml]" -- "[pyproject.toml]" [label=" 7 ", penwidth="7", color="#00688bC9"];
  "[detection_rules/kbwrap.py]" -- "[pyproject.toml]" [label=" 7 ", penwidth="7", color="#00688bC9"];

  // ---- weight 6 ----
  "[detection_rules/devtools.py]" -- "[pyproject.toml]" [label=" 6 ", penwidth="6", color="#00688bB7"];

  // ---- weight 5 ----
  // Two complete cliques sit in this tier: all 21 pairs among the seven
  // rules/integrations/github files, and all 10 pairs among the five
  // rules/linux kworker / kde_autostart / proxychains / ssh_x11 files.
  "[rules/integrations/github/persistence_github_org_owner_added.toml]" -- "[rules/integrations/github/impact_github_repository_deleted.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/defense_evasion_attempt_to_disable_syslog_service.toml]" -- "[rules/linux/defense_evasion_acl_modification_via_setfacl.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/impact_github_repository_deleted.toml]" -- "[rules/integrations/github/defense_evasion_github_protected_branch_settings_changed.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/execution_new_github_app_installed.toml]" -- "[rules/integrations/github/execution_github_app_deleted.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/persistence_organization_owner_role_granted.toml]" -- "[rules/integrations/github/impact_github_repository_deleted.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/impact_github_repository_deleted.toml]" -- "[rules/integrations/github/execution_github_app_deleted.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/execution_new_github_app_installed.toml]" -- "[rules/integrations/github/defense_evasion_github_protected_branch_settings_changed.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/persistence_organization_owner_role_granted.toml]" -- "[rules/integrations/github/execution_new_github_app_installed.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[detection_rules/cli_utils.py]" -- "[pyproject.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/persistence_setuid_setgid_capability_set.toml]" -- "[rules/linux/persistence_linux_user_added_to_privileged_group.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/execution_unix_socket_communication.toml]" -- "[rules/linux/execution_shell_openssl_client_or_server.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/persistence_organization_owner_role_granted.toml]" -- "[rules/integrations/github/defense_evasion_github_protected_branch_settings_changed.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/impact_github_repository_deleted.toml]" -- "[rules/integrations/github/execution_github_high_number_of_cloned_repos_from_pat.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/persistence_organization_owner_role_granted.toml]" -- "[rules/integrations/github/execution_github_high_number_of_cloned_repos_from_pat.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/persistence_kworker_file_creation.toml]" -- "[rules/linux/command_and_control_linux_proxychains_activity.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/persistence_organization_owner_role_granted.toml]" -- "[rules/integrations/github/persistence_github_org_owner_added.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/command_and_control_linux_suspicious_proxychains_activity.toml]" -- "[rules/linux/command_and_control_linux_proxychains_activity.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/execution_new_github_app_installed.toml]" -- "[rules/integrations/github/execution_github_high_number_of_cloned_repos_from_pat.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/persistence_kworker_file_creation.toml]" -- "[rules/linux/persistence_kde_autostart_modification.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/persistence_github_org_owner_added.toml]" -- "[rules/integrations/github/defense_evasion_github_protected_branch_settings_changed.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/execution_github_app_deleted.toml]" -- "[rules/integrations/github/defense_evasion_github_protected_branch_settings_changed.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/persistence_github_org_owner_added.toml]" -- "[rules/integrations/github/execution_new_github_app_installed.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/persistence_github_org_owner_added.toml]" -- "[rules/integrations/github/execution_github_app_deleted.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/execution_github_high_number_of_cloned_repos_from_pat.toml]" -- "[rules/integrations/github/defense_evasion_github_protected_branch_settings_changed.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/windows/defense_evasion_from_unusual_directory.toml]" -- "[pyproject.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/command_and_control_linux_suspicious_proxychains_activity.toml]" -- "[rules/linux/command_and_control_linux_ssh_x11_forwarding.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/impact_github_repository_deleted.toml]" -- "[rules/integrations/github/execution_new_github_app_installed.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/execution_github_high_number_of_cloned_repos_from_pat.toml]" -- "[rules/integrations/github/execution_github_app_deleted.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/persistence_kde_autostart_modification.toml]" -- "[rules/linux/command_and_control_linux_proxychains_activity.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/persistence_kworker_file_creation.toml]" -- "[rules/linux/command_and_control_linux_ssh_x11_forwarding.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/persistence_insmod_kernel_module_load.toml]" -- "[rules/linux/persistence_dynamic_linker_backup.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/persistence_kde_autostart_modification.toml]" -- "[rules/linux/command_and_control_linux_suspicious_proxychains_activity.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/persistence_github_org_owner_added.toml]" -- "[rules/integrations/github/execution_github_high_number_of_cloned_repos_from_pat.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/impact_memory_swap_modification.toml]" -- "[rules/linux/exfiltration_potential_data_splitting_for_exfiltration.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/command_and_control_linux_ssh_x11_forwarding.toml]" -- "[rules/linux/command_and_control_linux_proxychains_activity.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/integrations/github/persistence_organization_owner_role_granted.toml]" -- "[rules/integrations/github/execution_github_app_deleted.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/persistence_kworker_file_creation.toml]" -- "[rules/linux/command_and_control_linux_suspicious_proxychains_activity.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
  "[rules/linux/persistence_kde_autostart_modification.toml]" -- "[rules/linux/command_and_control_linux_ssh_x11_forwarding.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];

  // ---- weight 4 ----
  "[rules/linux/discovery_suspicious_memory_grep_activity.toml]" -- "[rules/linux/discovery_sudo_allowed_command_enumeration.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
  "[rules/linux/persistence_insmod_kernel_module_load.toml]" -- "[rules/linux/execution_suspicious_mining_process_creation_events.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
  "[rules/linux/discovery_subnet_scanning_activity_from_compromised_host.toml]" -- "[rules/linux/discovery_port_scanning_activity_from_compromised_host.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
  "[rules_building_block/persistence_github_new_pat_for_user.toml]" -- "[rules_building_block/impact_github_pat_access_revoked.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
  "[rules/windows/credential_access_copy_ntds_sam_volshadowcp_cmdline.toml]" -- "[rules/windows/defense_evasion_from_unusual_directory.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
  "[rules/linux/defense_evasion_kthreadd_masquerading.toml]" -- "[rules/linux/defense_evasion_clear_kernel_ring_buffer.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
  "[rules_building_block/initial_access_github_new_ip_address_for_pat.toml]" -- "[rules/integrations/github/execution_github_app_deleted.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
  "[rules/linux/defense_evasion_attempt_to_disable_iptables_or_firewall.toml]" -- "[rules/linux/defense_evasion_acl_modification_via_setfacl.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
  "[rules/integrations/endpoint/impact_elastic_ransomware_detected.toml]" -- "[rules/integrations/endpoint/defense_evasion_elastic_memory_threat_prevented.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
}