// Undirected Graphviz graph relating behavior-rule files to one another.
//
// Nodes: each node ID is the bracketed path of a rule file under
//        behavior/rules/{windows,linux,macos,cross-platform}/.
// Edges: each edge carries an integer weight (4 to 6 in this file), shown
//        three ways at once: as the label, as the pen width, and as the
//        alpha byte of the edge colour (B7 for 6, A5 for 5, 93 for 4).
//        Edges are listed in descending weight order.
//
// NOTE(review): this file does not say which metric the weight measures.
// Many edges join a Windows rule to a Linux or macOS rule, so the weight
// is presumably a property shared by the rule definitions rather than
// evidence that two rules fire together on one host. Confirm against the
// tool that generated this graph before using it for alert triage or
// rule tuning.
graph G {
    // ---- graph-level attributes ----
    // compound only matters for cluster-to-cluster edges; no clusters are declared here.
    compound="true"
    rankdir="TB"
    bgcolor="white"
    fontname="Tahoma"

    // ---- default node style ----
    node [
        fixedsize="false"
        fontname="Tahoma"
        color="white"
        fillcolor="deepskyblue2"
        fontcolor="black"
        shape="box"
        style="filled"
        penwidth="1.0"
    ]

    // ---- default edge style (penwidth and color are overridden per edge) ----
    edge [
        fontname="Arial"
        color="#00688b"
        fontcolor="black"
        fontsize="12"
        arrowsize="0.5"
        penwidth="1.0"
    ]

    // ---- weight 6 ----
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" [label=" 6 ", penwidth="6", color="#00688bB7"];
    "[behavior/rules/windows/defense_evasion_potential_library_load_via_rop_gadgets.toml]" -- "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" [label=" 6 ", penwidth="6", color="#00688bB7"];
    "[behavior/rules/windows/defense_evasion_unbacked_shellcode_from_unsigned_module.toml]" -- "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" [label=" 6 ", penwidth="6", color="#00688bB7"];
    "[behavior/rules/linux/persistence_network_connection_through_shell_profile.toml]" -- "[behavior/rules/linux/persistence_hidden_payload_executed_via_scheduled_job.toml]" [label=" 6 ", penwidth="6", color="#00688bB7"];

    // ---- weight 5 ----
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/defense_evasion_potential_library_load_via_rop_gadgets.toml]" -- "[behavior/rules/linux/persistence_hidden_payload_executed_via_scheduled_job.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/defense_evasion_potential_library_load_via_rop_gadgets.toml]" -- "[behavior/rules/windows/command_and_control_connection_to_webservice_by_a_signed_binary_proxy.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" -- "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/command_and_control_dns_query_to_suspicious_top_level_domain.toml]" -- "[behavior/rules/cross-platform/execution_kill_command_executed_from_binary_in_unusual_location.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/cross-platform/execution_kill_command_executed_from_binary_in_unusual_location.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/command_and_control_connection_to_webservice_by_a_signed_binary_proxy.toml]" -- "[behavior/rules/linux/persistence_hidden_payload_executed_via_scheduled_job.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" -- "[behavior/rules/linux/persistence_hidden_payload_executed_via_scheduled_job.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/windows/defense_evasion_unbacked_shellcode_from_unsigned_module.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/linux/persistence_hidden_payload_executed_via_scheduled_job.toml]" -- "[behavior/rules/cross-platform/execution_kill_command_executed_from_binary_in_unusual_location.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/defense_evasion_remote_file_execution_via_msiexec.toml]" -- "[behavior/rules/windows/command_and_control_dns_query_to_suspicious_top_level_domain.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/linux/persistence_hidden_payload_executed_via_scheduled_job.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/linux/persistence_network_connection_through_shell_profile.toml]" -- "[behavior/rules/cross-platform/execution_kill_command_executed_from_binary_in_unusual_location.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/command_and_control_connection_to_webservice_by_a_signed_binary_proxy.toml]" -- "[behavior/rules/linux/persistence_network_connection_through_shell_profile.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/linux/defense_evasion_potential_proxy_execution_via_systemd_run.toml]" -- "[behavior/rules/cross-platform/execution_kill_command_executed_from_binary_in_unusual_location.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" -- "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/defense_evasion_potential_library_load_via_rop_gadgets.toml]" -- "[behavior/rules/linux/persistence_network_connection_through_shell_profile.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" -- "[behavior/rules/cross-platform/execution_kill_command_executed_from_binary_in_unusual_location.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/command_and_control_connection_to_webservice_by_a_signed_binary_proxy.toml]" -- "[behavior/rules/cross-platform/execution_kill_command_executed_from_binary_in_unusual_location.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/defense_evasion_remote_file_execution_via_msiexec.toml]" -- "[behavior/rules/cross-platform/execution_kill_command_executed_from_binary_in_unusual_location.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" -- "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/linux/persistence_network_connection_through_shell_profile.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/defense_evasion_unbacked_shellcode_from_unsigned_module.toml]" -- "[behavior/rules/windows/defense_evasion_potential_library_load_via_rop_gadgets.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/windows/defense_evasion_protected_process_light_bypass_via_dll_tampering.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/windows/command_and_control_connection_to_webservice_by_a_signed_binary_proxy.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/windows/defense_evasion_potential_library_load_via_rop_gadgets.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];
    "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" -- "[behavior/rules/linux/persistence_network_connection_through_shell_profile.toml]" [label=" 5 ", penwidth="5", color="#00688bA5"];

    // ---- weight 4 ----
    "[behavior/rules/windows/defense_evasion_unbacked_shellcode_from_unsigned_module.toml]" -- "[behavior/rules/linux/execution_suspicious_execution_from_foomatic_rip_or_cupsd_parent.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/defense_evasion_remote_file_execution_via_msiexec.toml]" -- "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/linux/persistence_network_connection_through_shell_profile.toml]" -- "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/macos/collection_discovery_result_written_to_a_suspicious_file_via_discovery_process.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/defense_evasion_remote_file_execution_via_msiexec.toml]" -- "[behavior/rules/windows/command_and_control_connection_to_webservice_by_a_signed_binary_proxy.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/command_and_control_dns_query_to_suspicious_top_level_domain.toml]" -- "[behavior/rules/linux/defense_evasion_potential_proxy_execution_via_systemd_run.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/linux/defense_evasion_curl_or_wget_egress_network_connection_via_lolbin.toml]" -- "[behavior/rules/linux/persistence_systemd_execution_followed_by_network_connection.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/macos/defense_evasion_suspicious_openssl_execution_via_macos_application.toml]" -- "[behavior/rules/linux/defense_evasion_potential_proxy_execution_via_systemd_run.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/linux/execution_suspicious_execution_from_foomatic_rip_or_cupsd_parent.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/defense_evasion_unbacked_shellcode_from_unsigned_module.toml]" -- "[behavior/rules/linux/persistence_systemd_execution_followed_by_network_connection.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/macos/defense_evasion_suspicious_file_attribute_clearing.toml]" -- "[behavior/rules/linux/execution_suspicious_execution_from_foomatic_rip_or_cupsd_parent.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/linux/persistence_decode_activity_via_web_server.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
}