activity_dashboard_accepted_rejected_trafficactivity_dashboard_top_destination_ips_by_trafficactivity_dashboard_top_enis_by_trafficactivity_dashboard_top_source_destination_pairs_by_packetsactivity_dashboard_top_source_ips_by_rejected_trafficactivity_dashboard_top_source_ips_by_trafficactivity_dashboard_total_accepted_trafficactivity_dashboard_total_recordsactivity_dashboard_total_rejected_trafficactivity_dashboard_traffic_by_log_statusactivity_dashboard_traffic_by_protocolactivity_dashboard_traffic_by_regiondatabase_traffichigh_packet_trafficlarge_data_transferrdp_trafficssh_traffictraffic_with_unusual_protocols
Query: Top 10 Destination IP Addresses by Traffic
Description
List the top 10 destination IP addresses generating the most traffic.
Usage
powerpipe query aws_vpc_flow_log_detections.query.activity_dashboard_top_destination_ips_by_trafficTailpipe Tables
Tags
SQL
select dst_addr as "Destination IP", count(*) as "Records", coalesce(sum(bytes), 0) as "Total Bytes", coalesce(sum(packets), 0) as "Total Packets", max(start_time) as "Last Seen"from aws_vpc_flow_logwhere dst_addr is not nullgroup by dst_addrorder by "Records" desclimit 10;
Dashboards
The query is used in the dashboards: