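// Undirected Graphviz graph relating detection-rule files to one another.
// Every node is the path of a rule definition (behavior/rules/<os>/<rule>.toml);
// every edge carries an integer score that is shown as the edge label and
// reused as the pen width, so stronger links are drawn thicker.
//
// NOTE(review): this file does not say what the score measures. Presumably it
// is a similarity / shared-attribute count between the two rules; confirm
// against the tool that generated the graph before relying on it.
// NOTE(review): many edges join rules written for different operating systems
// (windows -- linux, macos -- linux), so the score presumably reflects shared
// rule content or metadata rather than alerts observed together on one host.
// Verify this before using the graph for triage or coverage decisions.
//
// Fix relative to the original text: one edge label was split across a
// physical line break (" 3 <newline>"), which embeds a newline in the rendered
// label; it is normalised to " 3 " like every other weight-3 edge.
graph G {
    // Graph-wide layout and appearance.
    compound="true"
    rankdir="TB"
    bgcolor="white"
    fontname="Tahoma"

    // Default look for every rule node.
    node [
        fixedsize="false"
        fontname="Tahoma"
        color="white"
        fillcolor="deepskyblue2"
        fontcolor="black"
        shape="box"
        style="filled"
        penwidth="1.0"
    ]

    // Default look for edges; each edge below overrides penwidth and color.
    edge [
        fontname="Arial"
        color="#00688b"
        fontcolor="black"
        fontsize="12"
        arrowsize="0.5"
        penwidth="1.0"
    ]

    // ---- Score 4 (penwidth 4, alpha 0x93) --------------------------------
    // These 21 edges connect the same seven rules pairwise (a complete
    // subgraph), mixing Linux and Windows rules.
    "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/defense_evasion_suspicious_memory_page_protection.toml]" -- "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" -- "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/windows/defense_evasion_suspicious_memory_page_protection.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" -- "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/defense_evasion_suspicious_memory_page_protection.toml]" -- "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/defense_evasion_suspicious_memory_page_protection.toml]" -- "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/defense_evasion_suspicious_memory_page_protection.toml]" -- "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" -- "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/defense_evasion_suspicious_memory_page_protection.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" [label=" 4 ", penwidth="4", color="#00688b93"];

    // ---- Score 3 (penwidth 3, alpha 0x82) --------------------------------
    // Weaker links; several attach further rules to the seven-rule group above.
    "[behavior/rules/linux/persistence_network_connection_through_shell_profile.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" -- "[behavior/rules/linux/command_and_control_python_network_connection_followed_by_file_creation.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/linux/persistence_hidden_payload_executed_via_scheduled_job.toml]" -- "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    // Label below was broken across a line in the original; restored to " 3 ".
    "[behavior/rules/windows/privilege_escalation_suspicious_impersonation_as_trusted_installer.toml]" -- "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_unbacked_shellcode_from_unsigned_module.toml]" -- "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_unbacked_shellcode_from_unsigned_module.toml]" -- "[behavior/rules/windows/defense_evasion_remote_process_memory_write_by_low_reputation_module.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/windows/command_and_control_execution_from_suspicious_stack_trailing_bytes.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_suspicious_memory_page_protection.toml]" -- "[behavior/rules/linux/execution_suspicious_execution_from_foomatic_rip_or_cupsd_parent.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/linux/command_and_control_python_network_connection_followed_by_file_creation.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml]" -- "[behavior/rules/linux/persistence_hidden_payload_executed_via_scheduled_job.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/macos/collection_discovery_result_written_to_a_suspicious_file_via_discovery_process.toml]" -- "[behavior/rules/linux/defense_evasion_shared_object_injection_via_process_environment_variable.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_network_activity_from_a_stomped_module.toml]" -- "[behavior/rules/linux/persistence_decode_activity_via_web_server.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_suspicious_memory_page_protection.toml]" -- "[behavior/rules/linux/persistence_scheduled_task_unusual_command_execution.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_suspicious_memory_page_protection.toml]" -- "[behavior/rules/windows/defense_evasion_potential_library_load_via_rop_gadgets.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/execution_potential_pentesting_powershell_script.toml]" -- "[behavior/rules/linux/defense_evasion_shared_object_injection_via_process_environment_variable.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_protected_process_light_bypass_via_dll_tampering.toml]" -- "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_suspicious_memory_page_protection.toml]" -- "[behavior/rules/linux/impact_potential_coin_miner_execution_via_shell.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" -- "[behavior/rules/linux/defense_evasion_shared_object_injection_via_process_environment_variable.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_suspicious_memory_page_protection.toml]" -- "[behavior/rules/windows/defense_evasion_potential_evasion_with_hardware_breakpoints.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_unbacked_shellcode_from_unsigned_module.toml]" -- "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_protected_process_light_bypass_via_dll_tampering.toml]" -- "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" -- "[behavior/rules/macos/collection_discovery_result_written_to_a_suspicious_file_via_discovery_process.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_protected_process_light_bypass_via_dll_tampering.toml]" -- "[behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/command_and_control_execution_from_suspicious_stack_trailing_bytes.toml]" -- "[behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/execution_potential_pentesting_powershell_script.toml]" -- "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/execution_potential_pentesting_powershell_script.toml]" -- "[behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/linux/persistence_suspicious_echo_execution.toml]" -- "[behavior/rules/linux/execution_linux_powershell_egress_network_connection.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/windows/defense_evasion_potential_library_load_via_rop_gadgets.toml]" -- "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
    "[behavior/rules/macos/defense_evasion_dylib_injection_via_process_environment_variables.toml]" -- "[behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml]" [label=" 3 ", penwidth="3", color="#00688b82"];
}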