
Machine Learning Detected DGA activity using a known SUNBURST DNS domain
Elastic Detection Rules
Summary
This rule uses a supervised machine learning model, provided by the DGA detection integration, to flag DNS question names whose structure resembles the output of a domain generation algorithm (DGA), and it alerts when such a flagged name belongs to a domain known to have been used by the SUNBURST malware. Requiring both the model's prediction and the known-domain match narrows the many DGA-like names the model sees down to those tied to SUNBURST command and control (C2) traffic, so security teams get an early, high-confidence indication of a possible intrusion rather than a generic DGA alert. The rule depends on DNS event data collected through Elastic Defend or Network Packet Capture, and on the DGA detection integration being installed and configured in the Elastic Stack so that DNS events carry the model's predictions before the rule evaluates them.
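As an added example (not code from Elastic, the rule, or the DGA integration), the following Python reproduces the rule's two-part logic over constructed DNS events: the model's prediction must say "malicious" and the registered domain must be a known SUNBURST domain. The field names `ml_is_dga.malicious_prediction`, `dns.question.name` and `dns.question.registered_domain` follow the ECS/DGA-integration layout as an assumption; `avsvmcloud.com` is the publicly documented SUNBURST C2 domain, which this page itself does not name, so the known-domain set is a parameter you can replace.

```python
"""Added example: the SUNBURST DGA rule's logic over constructed DNS events.

Not Elastic's code. Field names mirror the ECS / DGA-integration layout as an
assumption; the sample events below are constructed, not captured traffic.
"""
from typing import Any, Dict, FrozenSet, Iterable, List, Optional

# Assumption: the publicly documented SUNBURST C2 domain. The rule page does
# not name it, so callers may pass their own set.
KNOWN_SUNBURST_DOMAINS: FrozenSet[str] = frozenset({"avsvmcloud.com"})


def get_field(event: Dict[str, Any], path: str) -> Optional[Any]:
    """Walk a dotted ECS path such as "dns.question.name" through nested dicts."""
    cur: Any = event
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def registered_domain(qname: str) -> str:
    """Fallback when dns.question.registered_domain is absent.

    Simplified to the last two labels; a real pipeline uses the public
    suffix list, so "co.uk"-style names would be wrong here.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def matches_rule(event: Dict[str, Any],
                 known_domains: FrozenSet[str] = KNOWN_SUNBURST_DOMAINS) -> bool:
    """True only when BOTH rule conditions hold, as the rule title implies."""
    # Condition 1: the supervised DGA model flagged this query name.
    if get_field(event, "ml_is_dga.malicious_prediction") != 1:
        return False
    # Condition 2: the registered domain is a known SUNBURST domain.
    reg = get_field(event, "dns.question.registered_domain")
    if not reg:
        qname = get_field(event, "dns.question.name")
        if not qname:
            return False  # malformed event: no name to evaluate
        reg = registered_domain(qname)
    return str(reg).rstrip(".").lower() in known_domains


# Constructed sample events (subdomain labels are made up to look DGA-like).
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {  # 1: model says DGA AND domain is SUNBURST -> alert
        "dns": {"question": {
            "name": "6a57jk2ba1d9keg15cbg.appsync-api.eu-west-1.avsvmcloud.com",
            "registered_domain": "avsvmcloud.com"}},
        "ml_is_dga": {"malicious_prediction": 1, "malicious_probability": 0.97},
    },
    {  # 2: SUNBURST domain but the model did not flag it -> no alert
        "dns": {"question": {
            "name": "appsync-api.eu-west-1.avsvmcloud.com",
            "registered_domain": "avsvmcloud.com"}},
        "ml_is_dga": {"malicious_prediction": 0, "malicious_probability": 0.12},
    },
    {  # 3: DGA-looking name under an unrelated domain -> not this rule's job
        "dns": {"question": {
            "name": "x9q2mvt4lp8zr0kd.example.net",
            "registered_domain": "example.net"}},
        "ml_is_dga": {"malicious_prediction": 1, "malicious_probability": 0.91},
    },
    {  # 4: registered_domain missing, mixed case, trailing dot -> fallback -> alert
        "dns": {"question": {
            "name": "K2bq8ncz1mf7wvt0y5hd.appsync-api.us-east-2.AVSVMCLOUD.COM."}},
        "ml_is_dga": {"malicious_prediction": 1},
    },
    {  # 5: prediction present but no DNS fields -> skipped without error
        "ml_is_dga": {"malicious_prediction": 1},
    },
]


def run_rule(events: Iterable[Dict[str, Any]],
             known_domains: FrozenSet[str] = KNOWN_SUNBURST_DOMAINS) -> List[str]:
    """Return the query names that would raise this rule's alert."""
    return [get_field(e, "dns.question.name")
            for e in events if matches_rule(e, known_domains)]


if __name__ == "__main__":
    for name in run_rule(SAMPLE_EVENTS):
        print("ALERT SUNBURST DGA:", name)
```

Event 3 is the case worth noticing: the model flags it, but because it is not a SUNBURST domain this rule stays silent and leaves it to the generic DGA rules, which is exactly the precision the known-domain condition buys.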
Categories
- Network
- Endpoint
Data Sources
- Network Traffic
- Pod
- User Account
ATT&CK Techniques
- T1568 (Dynamic Resolution)
- T1568.002 (Dynamic Resolution: Domain Generation Algorithms)
Created: 2023-09-14