Elastic machine learning is used to train and evaluate a supervised model that detects domain generation algorithms (DGAs), which attackers use to evade detection by generating large numbers of random-looking domains. The process extracts features from both malicious and benign domains, looking for characteristics that distinguish them, such as domain name length and entropy, and eventually settles on n-grams for feature engineering. The model is trained on a labeled dataset with an 80/20 train/test split, and its performance is assessed with metrics such as the confusion matrix, which indicates a 98% true positive rate. Despite this high rate, the volume of DNS traffic could still result in a significant number of false positives. The next part of the series covers deploying the DGA model into production, including creating inference processors and using anomaly detection to reduce false positive alerts, thereby enhancing network security monitoring.
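The feature-extraction step described above can be sketched in plain Python. This is an added example, not code from the Elastic series: it computes length, Shannon entropy and character n-gram counts per domain and lays them out as a feature matrix. The n-gram sizes (1 to 3), the function names, the naive TLD stripping and the sample domains are all assumptions made for illustration.

```python
import math
from collections import Counter

def registered_label(domain):
    # Assumption: the label left of the TLD is the part to score.
    # A production pipeline would consult a public-suffix list instead.
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(s):
    # Bits per character of the label's character distribution.
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def char_ngrams(s, n):
    # Sliding window of n consecutive characters.
    return [s[i:i + n] for i in range(len(s) - n + 1)]

def extract_features(domain, sizes=(1, 2, 3)):
    # One sparse feature dict per domain: scalars plus n-gram counts.
    label = registered_label(domain)
    feats = {"length": len(label), "entropy": shannon_entropy(label)}
    for n in sizes:
        for gram, count in Counter(char_ngrams(label, n)).items():
            feats[f"{n}gram_{gram}"] = count
    return feats

def vectorize(domains, sizes=(1, 2, 3)):
    # Dense matrix over the union of features seen in the input set,
    # the shape a supervised classifier expects for training.
    rows = [extract_features(d, sizes) for d in domains]
    columns = sorted({k for r in rows for k in r})
    return columns, [[r.get(c, 0) for c in columns] for r in rows]

# Constructed sample input: two well-known names, two made-up random labels.
SAMPLE = ["google.com", "elastic.co", "xkq7vbz2hwp9.net", "qz8rjt4mwy1d.org"]

if __name__ == "__main__":
    for d in SAMPLE:
        f = extract_features(d)
        grams = sum(1 for k in f if "gram_" in k)
        print(f"{d:20} len={f['length']:2} H={f['entropy']:.3f} ngrams={grams}")
```
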