turbot/tailpipe-mod-aws-s3-server-access-log-detections

Query: s3_object_accessed_with_large_response_size

Usage

powerpipe query aws_s3_server_access_log_detections.query.s3_object_accessed_with_large_response_size

SQL

select
  tp_timestamp as timestamp,
  operation,
  bucket as resource,
  requester as actor,
  tp_source_ip as source_ip,
  tp_index as account_id,
  tp_id as source_id,
  http_status,
  error_code,
  *
from
  aws_s3_server_access_log
where
  -- object downloads only
  operation = 'REST.GET.OBJECT'
  -- response body larger than 100,000,000 bytes (about 100 MB)
  and bytes_sent > 100000000
order by
  tp_timestamp desc;

Detections

The query is being used by the following detections: