Machine Learning Detected a DNS Request With a High DGA Probability Score

Elastic Detection Rules

Summary
This detection rule identifies DNS requests for domain names that were likely produced by a Domain Generation Algorithm (DGA). Attackers use DGAs to generate large numbers of candidate domain names, a subset of which is registered and used as command and control channels. The rule relies on a supervised machine learning model that scores each DNS query; queries whose DGA probability score exceeds 0.98 are flagged as indicative of DGA behavior. Flagged requests may warrant further investigation to determine whether they are linked to command and control activity. The rule requires the DGA Detection assets, built for the Elastic ecosystem, and DNS event data captured through an integration such as Elastic Defend or Packetbeat. Analysts are guided to review the related logs, cross-reference flagged domains with threat intelligence, and, if malicious activity is suspected, take incident response actions such as isolating affected systems and scanning them for malware.
Categories
  • Network
  • Endpoint
Data Sources
  • Network Traffic
  • Pod
  • User Account
  • Application Log
ATT&CK Techniques
  • T1568
  • T1568.002
Created: 2023-09-14