Query: Top 10 Source Destination Pairs by Packets
Description
List the top 10 source-destination pairs with the highest packet counts.
Usage
powerpipe query aws_vpc_flow_log_detections.query.activity_dashboard_top_source_destination_pairs_by_packets
Tailpipe Tables
Tags
SQL
select
  src_addr as "Source IP",
  dst_addr as "Destination IP",
  coalesce(sum(packets), 0) as "Total Packets",
  coalesce(sum(bytes), 0) as "Total Bytes",
  count(*) as "Records",
  max(start_time) as "Last Seen"
from
  aws_vpc_flow_log
where
  src_addr is not null
  and dst_addr is not null
group by
  src_addr,
  dst_addr
order by
  "Total Packets" desc
limit 10;
Dashboards
The query is used in the dashboards: