ProblemChild: Discovering Anomalous Patterns based on Parent-Child Process Relationships
We present ProblemChild, a framework for surfacing anomalous parent-child process relationships from endpoint telemetry — a useful signal for catching living-off-the-land and post-exploit behaviors that single-process detection rules miss.
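To illustrate why a parent-child signal can catch what a single-process rule misses, here is an added example that is not ProblemChild's own code or method. It assumes a simple smoothed rarity score over constructed process-creation events, and the `PairRarityModel` and `flag_anomalies` names are hypothetical.

```python
import math
from collections import Counter

# Constructed baseline of (parent image, child image) process-creation events.
BASELINE = (
    [("explorer.exe", "winword.exe")] * 40
    + [("explorer.exe", "powershell.exe")] * 25
    + [("explorer.exe", "cmd.exe")] * 20
    + [("cmd.exe", "powershell.exe")] * 10
    + [("services.exe", "svchost.exe")] * 60
    + [("winword.exe", "splwow64.exe")] * 30
)

def norm(event):
    """Windows image names are case-insensitive, so compare lowercased."""
    parent, child = event
    return parent.lower(), child.lower()

class PairRarityModel:
    """Hypothetical scorer: surprise in bits, with add-alpha smoothing."""
    def __init__(self, events, alpha=1.0):
        events = [norm(e) for e in events]
        self.alpha = alpha
        self.pairs = Counter(events)
        self.parents = Counter(p for p, _ in events)
        self.children = Counter(c for _, c in events)
        self.total = len(events)
        self.vocab = len(self.children) + 1  # one extra slot for unseen children

    def child_surprise(self, child):
        """Single-process view: -log2 P(child), ignoring who spawned it."""
        p = (self.children[child.lower()] + self.alpha) / (self.total + self.alpha * self.vocab)
        return -math.log2(p)

    def pair_surprise(self, parent, child):
        """Relationship view: -log2 P(child | parent)."""
        parent, child = norm((parent, child))
        p = (self.pairs[(parent, child)] + self.alpha) / (self.parents[parent] + self.alpha * self.vocab)
        return -math.log2(p)

def flag_anomalies(model, events, threshold=4.0):
    """Return events whose parent-child surprise meets the threshold (bits)."""
    return [norm(e) for e in events if model.pair_surprise(*e) >= threshold]

MODEL = PairRarityModel(BASELINE)
# Constructed new telemetry; only the Office-to-PowerShell spawn is unusual.
NEW_EVENTS = [("explorer.exe", "powershell.exe"), ("WINWORD.EXE", "powershell.exe"),
              ("services.exe", "svchost.exe"), ("cmd.exe", "powershell.exe")]
FLAGGED = flag_anomalies(MODEL, NEW_EVENTS)
```

A parent that never appears in the baseline receives only the smoothing prior from this score, so unseen parents need separate handling.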