// Undirected Graphviz graph whose nodes are bracketed file paths (Python
// modules under detection_rules/, rule definitions under rules/, and
// pyproject.toml) and whose edges carry a small integer weight.
//
// NOTE(review): the file does not state what the weight counts. It looks like
// a co-change (temporal coupling) export, i.e. the number of commits in which
// both files were modified together -- confirm against the generating tool.
// If so, rule files joined by an edge are candidates for being reviewed
// together when one of them changes, so that related detections do not drift
// apart.
//
// Encoding visible in the edges: label and penwidth repeat the same number,
// and the alpha suffix of the edge color rises with it (82 -> 93 -> A5).
// Edges are listed in descending weight; statement order is preserved from
// the original single-line form.
graph G {
  // Graph-level attributes.
  compound="true"
  rankdir="TB"
  bgcolor="white"
  fontname="Tahoma"

  // Defaults applied to every node.
  node [
    fixedsize="false"
    fontname="Tahoma"
    color="white"
    fillcolor="deepskyblue2"
    fontcolor="black"
    shape="box"
    style="filled"
    penwidth="1.0"
  ]

  // Defaults applied to every edge (overridden per edge below).
  edge [
    fontname="Arial"
    color="#00688b"
    fontcolor="black"
    fontsize="12"
    arrowsize="0.5"
    penwidth="1.0"
  ]

  // ---- weight 5 ----
  "[detection_rules/kbwrap.py]" -- "[pyproject.toml]"
    [label=" 5 ", penwidth="5", color="#00688bA5"];

  // ---- weight 4 ----
  "[rules/linux/discovery_subnet_scanning_activity_from_compromised_host.toml]" -- "[rules/linux/discovery_port_scanning_activity_from_compromised_host.toml]"
    [label=" 4 ", penwidth="4", color="#00688b93"];
  "[detection_rules/schemas/definitions.py]" -- "[pyproject.toml]"
    [label=" 4 ", penwidth="4", color="#00688b93"];
  "[detection_rules/cli_utils.py]" -- "[pyproject.toml]"
    [label=" 4 ", penwidth="4", color="#00688b93"];
  "[detection_rules/etc/stack-schema-map.yaml]" -- "[pyproject.toml]"
    [label=" 4 ", penwidth="4", color="#00688b93"];
  "[detection_rules/rule.py]" -- "[pyproject.toml]"
    [label=" 4 ", penwidth="4", color="#00688b93"];

  // ---- weight 3 ----
  "[rules/linux/persistence_web_server_sus_command_execution.toml]" -- "[rules/linux/discovery_port_scanning_activity_from_compromised_host.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[detection_rules/rule_loader.py]" -- "[pyproject.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/privilege_escalation_uac_bypass_mock_windir.toml]" -- "[pyproject.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/linux/discovery_port_scanning_activity_from_compromised_host.toml]" -- "[rules/linux/defense_evasion_base64_decoding_activity.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/lateral_movement_via_wsus_update.toml]" -- "[rules/windows/defense_evasion_lolbas_win_cdb_utility.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/lateral_movement_via_wsus_update.toml]" -- "[rules/windows/credential_access_dollar_account_relay.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/discovery_whoami_command_activity.toml]" -- "[rules/windows/command_and_control_tool_transfer_via_curl.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/execution_from_unusual_path_cmdline.toml]" -- "[rules/windows/command_and_control_tunnel_vscode.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/linux/persistence_web_server_sus_command_execution.toml]" -- "[rules/linux/discovery_subnet_scanning_activity_from_compromised_host.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/linux/exfiltration_unusual_file_transfer_utility_launched.toml]" -- "[rules/linux/discovery_subnet_scanning_activity_from_compromised_host.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/execution_from_unusual_path_cmdline.toml]" -- "[pyproject.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/defense_evasion_masquerading_as_elastic_endpoint_process.toml]" -- "[pyproject.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/linux/exfiltration_unusual_file_transfer_utility_launched.toml]" -- "[rules/linux/command_and_control_frequent_egress_netcon_from_sus_executable.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/integrations/azure_openai/azure_openai_model_theft_detection.toml]" -- "[rules/integrations/azure_openai/azure_openai_denial_of_ml_service_detection.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/execution_from_unusual_path_cmdline.toml]" -- "[rules/windows/command_and_control_screenconnect_childproc.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/linux/persistence_web_server_sus_command_execution.toml]" -- "[rules/linux/command_and_control_frequent_egress_netcon_from_sus_executable.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/defense_evasion_audit_policy_disabled_winlog.toml]" -- "[rules/windows/credential_access_dollar_account_relay.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/linux/persistence_web_server_sus_child_spawned.toml]" -- "[rules/linux/command_and_control_frequent_egress_netcon_from_sus_executable.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/defense_evasion_from_unusual_directory.toml]" -- "[rules/windows/command_and_control_new_terms_commonly_abused_rat_execution.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/defense_evasion_windows_filtering_platform.toml]" -- "[rules/windows/credential_access_dollar_account_relay.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/privilege_escalation_uac_bypass_mock_windir.toml]" -- "[rules/windows/defense_evasion_from_unusual_directory.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/execution_from_unusual_path_cmdline.toml]" -- "[rules/windows/defense_evasion_from_unusual_directory.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/privilege_escalation_uac_bypass_mock_windir.toml]" -- "[rules/windows/command_and_control_new_terms_commonly_abused_rat_execution.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/defense_evasion_masquerading_as_elastic_endpoint_process.toml]" -- "[rules/windows/command_and_control_tunnel_vscode.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/defense_evasion_masquerading_as_elastic_endpoint_process.toml]" -- "[rules/windows/command_and_control_new_terms_commonly_abused_rat_execution.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/linux/persistence_web_server_sus_child_spawned.toml]" -- "[rules/linux/defense_evasion_base64_decoding_activity.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/privilege_escalation_unquoted_service_path.toml]" -- "[rules/windows/defense_evasion_lolbas_win_cdb_utility.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/privilege_escalation_uac_bypass_mock_windir.toml]" -- "[rules/windows/execution_from_unusual_path_cmdline.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/privilege_escalation_uac_bypass_mock_windir.toml]" -- "[rules/windows/command_and_control_tunnel_vscode.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/linux/impact_potential_bruteforce_malware_infection.toml]" -- "[rules/linux/defense_evasion_base64_decoding_activity.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/privilege_escalation_uac_bypass_mock_windir.toml]" -- "[rules/windows/command_and_control_screenconnect_childproc.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/command_and_control_screenconnect_childproc.toml]" -- "[rules/windows/command_and_control_new_terms_commonly_abused_rat_execution.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/linux/impact_potential_bruteforce_malware_infection.toml]" -- "[rules/linux/command_and_control_frequent_egress_netcon_from_sus_executable.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/linux/impact_potential_bruteforce_malware_infection.toml]" -- "[rules/linux/exfiltration_unusual_file_transfer_utility_launched.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/defense_evasion_masquerading_trusted_directory.toml]" -- "[rules/windows/command_and_control_tunnel_vscode.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/defense_evasion_masquerading_trusted_directory.toml]" -- "[rules/windows/command_and_control_new_terms_commonly_abused_rat_execution.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/defense_evasion_masquerading_trusted_directory.toml]" -- "[pyproject.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/execution_from_unusual_path_cmdline.toml]" -- "[rules/windows/defense_evasion_masquerading_as_elastic_endpoint_process.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/privilege_escalation_unquoted_service_path.toml]" -- "[rules/windows/defense_evasion_audit_policy_disabled_winlog.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/linux/persistence_web_server_sus_child_spawned.toml]" -- "[rules/linux/exfiltration_unusual_file_transfer_utility_launched.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/linux/impact_potential_bruteforce_malware_infection.toml]" -- "[rules/linux/discovery_subnet_scanning_activity_from_compromised_host.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[detection_rules/devtools.py]" -- "[pyproject.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/defense_evasion_masquerading_trusted_directory.toml]" -- "[rules/windows/command_and_control_screenconnect_childproc.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
  "[rules/windows/defense_evasion_from_unusual_directory.toml]" -- "[pyproject.toml]"
    [label=" 3 ", penwidth="3", color="#00688b82"];
}