Advanced Persistent Threats (APTs) prey on government entities and corporations via previously unknown attack vectors and complex techniques with overwhelming success. Though industry has attempted to engineer effective solutions to combat APTs, the solutions consistently lack the ability to respond and react to novel threats. This presentation covers an effective, two-stage unsupervised graph anomaly-based detection algorithm called “ProcAID” that fills the gap of industry’s current detection and response capabilities. In general, ProcAID concentrates on anomalous process creation, inverse graph leadership, and inverse graph density to discover malicious processes on a single host. In the first stage, the solution detects anomalous host process creation events via unsupervised graph link prediction. In the second stage, ProcAID evaluates and assigns scores to a process based on its observed behavior. ProcAID was tested on a real-world enterprise dataset with known APT activity. This research proved proficient in distinguishing between malicious and benign host processes with options to expand to an enterprise implementation. ProcAID also out-performed other graph and machine learning anomaly detection algorithms in the detection of malicious activity. With already existing assets like Windows Security Event Logs, the implementation costs for ProcAID are minimal while the benefits are vast.