// Undirected Graphviz graph linking repository files (Python tooling under
// detection_rules/, rule and hunting-query TOML files, pyproject.toml).
// Every edge carries a numeric label and a penwidth equal to that number;
// the edge colour keeps the base "#00688b" and only its trailing alpha byte
// changes with the weight (93, 82, 70, 5E).
// NOTE(review): the file does not say what the number counts. It is presumably
// a co-change / co-occurrence count between the two files; confirm against the
// tool that generated this graph before drawing conclusions from it.
graph G {
    // Graph-wide settings.
    compound="true"
    rankdir="TB"
    bgcolor="white"
    fontname="Tahoma"

    // Default look of every node.
    node [
        fixedsize="false"
        fontname="Tahoma"
        color="white"
        fillcolor="deepskyblue2"
        fontcolor="black"
        shape="box"
        style="filled"
        penwidth="1.0"
    ]

    // Default look of every edge; the per-weight defaults below override
    // color and penwidth and add the label.
    edge [
        fontname="Arial"
        color="#00688b"
        fontcolor="black"
        fontsize="12"
        arrowsize="0.5"
        penwidth="1.0"
    ]

    // Edges are kept in their original order. The label/penwidth/color triple
    // that each edge used to repeat inline is set once per weight group as an
    // edge default, which applies to the edges declared after it.

    // ---- weight 4 ----
    edge [label=" 4 ", penwidth="4", color="#00688b93"];
    "[detection_rules/kbwrap.py]" -- "[pyproject.toml]";

    // ---- weight 3 ----
    edge [label=" 3 ", penwidth="3", color="#00688b82"];
    "[detection_rules/packaging.py]" -- "[pyproject.toml]";
    "[detection_rules/rule.py]" -- "[detection_rules/packaging.py]";
    "[detection_rules/cli_utils.py]" -- "[pyproject.toml]";
    "[detection_rules/rule.py]" -- "[pyproject.toml]";

    // ---- weight 2 ----
    edge [label=" 2 ", penwidth="2", color="#00688b70"];
    "[detection_rules/kbwrap.py]" -- "[detection_rules/cli_utils.py]";
    "[detection_rules/utils.py]" -- "[pyproject.toml]";
    "[detection_rules/devtools.py]" -- "[pyproject.toml]";
    "[detection_rules/rule_loader.py]" -- "[pyproject.toml]";
    "[detection_rules/etc/stack-schema-map.yaml]" -- "[pyproject.toml]";

    // ---- weight 1 ----
    // Mostly rule-to-rule links inside rules/macos/. A few cross platform
    // directories (rules/windows/ or rules_building_block/ to rules/linux/),
    // and a few tie a single rule file to pyproject.toml or to
    // detection_rules/etc/stack-schema-map.yaml.
    // NOTE(review): a weight of 1 is a single observation; treat these links
    // as weak evidence of coupling until the metric is confirmed.
    edge [label=" 1 ", penwidth="1", color="#00688b5E"];
    "[rules/macos/defense_evasion_modify_environment_launchctl.toml]" -- "[rules/macos/credential_access_dumping_keychain_security.toml]";
    "[rules/macos/defense_evasion_privilege_escalation_privacy_pref_sshd_fulldiskaccess.toml]" -- "[rules/macos/credential_access_dumping_hashes_bi_cmds.toml]";
    "[rules/macos/defense_evasion_safari_config_change.toml]" -- "[rules/macos/credential_access_mitm_localhost_webproxy.toml]";
    "[rules/macos/privilege_escalation_root_crontab_filemod.toml]" -- "[rules/macos/defense_evasion_attempt_to_disable_gatekeeper.toml]";
    "[rules/macos/persistence_via_atom_init_file_modification.toml]" -- "[rules/macos/execution_script_via_automator_workflows.toml]";
    "[rules/macos/privilege_escalation_root_crontab_filemod.toml]" -- "[rules/macos/defense_evasion_install_root_certificate.toml]";
    "[rules/windows/defense_evasion_masquerading_as_elastic_endpoint_process.toml]" -- "[rules/linux/defense_evasion_binary_copied_to_suspicious_directory.toml]";
    "[rules/macos/persistence_screensaver_plist_file_modification.toml]" -- "[rules/macos/persistence_crontab_creation.toml]";
    "[rules/windows/defense_evasion_suspicious_short_program_name.toml]" -- "[rules/linux/defense_evasion_rename_esxi_index_file.toml]";
    "[hunting/macos/queries/credential_access_potential_python_stealer.toml]" -- "[pyproject.toml]";
    "[rules/network/command_and_control_vnc_virtual_network_computing_from_the_internet.toml]" -- "[pyproject.toml]";
    "[rules/macos/privilege_escalation_root_crontab_filemod.toml]" -- "[rules/macos/persistence_defense_evasion_hidden_launch_agent_deamon_logonitem_process.toml]";
    "[rules/macos/persistence_evasion_hidden_launch_agent_deamon_creation.toml]" -- "[rules/macos/persistence_account_creation_hide_at_logon.toml]";
    "[rules/macos/privilege_escalation_root_crontab_filemod.toml]" -- "[rules/macos/persistence_emond_rules_file_creation.toml]";
    "[rules/integrations/azure/initial_access_graph_first_occurrence_of_client_request.toml]" -- "[pyproject.toml]";
    "[rules/macos/defense_evasion_privacy_controls_tcc_database_modification.toml]" -- "[rules/macos/credential_access_promt_for_pwd_via_osascript.toml]";
    "[rules/macos/lateral_movement_remote_ssh_login_enabled.toml]" -- "[rules/macos/defense_evasion_attempt_del_quarantine_attrib.toml]";
    "[rules/windows/defense_evasion_masquerading_trusted_directory.toml]" -- "[pyproject.toml]";
    "[rules/macos/lateral_movement_vpn_connection_attempt.toml]" -- "[rules/macos/execution_defense_evasion_electron_app_childproc_node_js.toml]";
    "[hunting/macos/queries/execution_python_script_drop_and_execute.toml]" -- "[hunting/macos/queries/defense_evasion_self_deleting_python_script.toml]";
    "[rules/macos/privilege_escalation_explicit_creds_via_scripting.toml]" -- "[rules/macos/persistence_credential_access_authorization_plugin_creation.toml]";
    "[rules/macos/persistence_finder_sync_plugin_pluginkit.toml]" -- "[rules/macos/defense_evasion_privilege_escalation_privacy_pref_sshd_fulldiskaccess.toml]";
    "[rules/windows/command_and_control_new_terms_commonly_abused_rat_execution.toml]" -- "[detection_rules/etc/stack-schema-map.yaml]";
    "[rules/windows/command_and_control_screenconnect_childproc.toml]" -- "[rules/linux/defense_evasion_binary_copied_to_suspicious_directory.toml]";
    "[hunting/macos/queries/execution_unsigned_or_untrusted_binary_fork_via_python.toml]" -- "[hunting/macos/queries/execution_suspicious_file_access_via_docker.toml]";
    "[detection_rules/integrations.py]" -- "[pyproject.toml]";
    "[rules/macos/persistence_creation_change_launch_agents_file.toml]" -- "[rules/macos/defense_evasion_safari_config_change.toml]";
    "[detection_rules/main.py]" -- "[pyproject.toml]";
    "[rules/macos/privilege_escalation_root_crontab_filemod.toml]" -- "[rules/macos/persistence_account_creation_hide_at_logon.toml]";
    "[rules/macos/defense_evasion_privilege_escalation_privacy_pref_sshd_fulldiskaccess.toml]" -- "[rules/macos/credential_access_credentials_keychains.toml]";
    "[rules/macos/persistence_docker_shortcuts_plist_modification.toml]" -- "[rules/macos/persistence_creation_hidden_login_item_osascript.toml]";
    "[rules/macos/persistence_modification_sublime_app_plugin_or_script.toml]" -- "[rules/macos/defense_evasion_tcc_bypass_mounted_apfs_access.toml]";
    "[rules_building_block/defense_evasion_masquerading_browsers.toml]" -- "[rules/linux/defense_evasion_binary_copied_to_suspicious_directory.toml]";
    "[rules/macos/persistence_defense_evasion_hidden_launch_agent_deamon_logonitem_process.toml]" -- "[rules/macos/execution_initial_access_suspicious_browser_childproc.toml]";
    "[rules/macos/persistence_via_atom_init_file_modification.toml]" -- "[rules/macos/persistence_directory_services_plugins_modification.toml]";
    "[rules/macos/privilege_escalation_exploit_adobe_acrobat_updater.toml]" -- "[rules/macos/persistence_docker_shortcuts_plist_modification.toml]";
    "[rules/threat_intel/threat_intel_indicator_match_url.toml]" -- "[rules/threat_intel/threat_intel_indicator_match_email.toml]";
    "[rules/macos/persistence_docker_shortcuts_plist_modification.toml]" -- "[rules/macos/defense_evasion_sandboxed_office_app_suspicious_zip_file.toml]";
    "[rules/macos/persistence_emond_rules_process_execution.toml]" -- "[rules/macos/lateral_movement_remote_ssh_login_enabled.toml]";
    "[rules/macos/credential_access_promt_for_pwd_via_osascript.toml]" -- "[rules/macos/credential_access_mitm_localhost_webproxy.toml]";
}