turbot/tailpipe-mod-aws-s3-server-access-log-detections

Query: s3_object_accessed_outside_business_hours

Usage

powerpipe query aws_s3_server_access_log_detections.query.s3_object_accessed_outside_business_hours

SQL

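select
  tp_timestamp as timestamp,
  operation,
  bucket as resource,
  requester as actor,
  tp_source_ip as source_ip,
  tp_index as account_id,
  tp_id as source_id,
  http_status,
  error_code,
  *
from
  aws_s3_server_access_log
where
  -- "between" is inclusive, so hours 8 through 18 (08:00:00 to 18:59:59) count as business hours.
  -- The hour is read from tp_timestamp as stored: no time zone conversion and no day-of-week filter is applied.
  extract(hour from tp_timestamp) not between 8 and 18
  -- Object GET requests only; other operations are not matched.
  and operation = 'REST.GET.OBJECT'
order by
  tp_timestamp desc;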

Detections

The query is being used by the following detections: