Powerpipe MCP Server →

Plugins Docs Home

turbot/tailpipe-mod-aws-vpc-flow-log-detections

activity_dashboard_accepted_rejected_traffic activity_dashboard_top_destination_ips_by_traffic activity_dashboard_top_enis_by_traffic activity_dashboard_top_source_destination_pairs_by_packets activity_dashboard_top_source_ips_by_rejected_traffic activity_dashboard_top_source_ips_by_traffic activity_dashboard_total_accepted_traffic activity_dashboard_total_records activity_dashboard_total_rejected_traffic activity_dashboard_traffic_by_log_status activity_dashboard_traffic_by_protocol activity_dashboard_traffic_by_region database_traffic high_packet_traffic large_data_transfer rdp_traffic ssh_traffic traffic_with_unusual_protocols

Query: Accepted vs. Rejected Traffic

Description

Comparison of accepted and rejected record counts.

Usage

powerpipe query aws_vpc_flow_log_detections.query.activity_dashboard_accepted_rejected_traffic

Tailpipe Tables

aws_vpc_flow_log

AWS plugin

Tags

SQL

with time_series as (
  select
    date_trunc('day', start_time) as day,
    count(*) filter (where action = 'ACCEPT') as accepted,
    count(*) filter (where action = 'REJECT') as rejected
  from
    aws_vpc_flow_log
  group by
    day
  order by
    day
)
select
  day,
  accepted,
  rejected
from
  time_series
order by
  day;

Dashboards

The query is used in the dashboards:

VPC Flow Log Activity Dashboard