Company
Date Published
Author
-
Word count
1799
Language
English
Hacker News points
None

Summary

ProblemChild is a framework built on the Elastic Stack to detect living-off-the-land (LOtL) attacks, which are hard to identify because they abuse legitimate software already present in the target environment rather than introducing malware. The framework uses a supervised machine learning model to analyze Windows process event data and flag potentially malicious processes based on process lineage (parent-child) information. Anomaly detection then runs over the flagged processes to surface the rare ones, and detection rules alert on unusual parent-child process activity indicative of LOtL techniques. The framework's components, including the supervised model, the anomaly detection jobs, and the detection rules, are published in the detection-rules repository on GitHub, and users can load them into their Elastic cluster with the provided command-line tools. The supervised model attaches a maliciousness prediction to each process; users can then tune their alerting by configuring the anomaly detection jobs and adjusting the detection rules to fit their own environment, reducing false positives and focusing attention on the most significant activity. Feedback and troubleshooting are handled through Elastic's community channels, and Elastic offers a 14-day free trial on Elastic Cloud for experimentation.