Powerpipe MCP Server →

Plugins Docs Home

turbot/tailpipe-mod-aws-vpc-flow-log-detections

activity_dashboard_accepted_rejected_traffic activity_dashboard_top_destination_ips_by_traffic activity_dashboard_top_enis_by_traffic activity_dashboard_top_source_destination_pairs_by_packets activity_dashboard_top_source_ips_by_rejected_traffic activity_dashboard_top_source_ips_by_traffic activity_dashboard_total_accepted_traffic activity_dashboard_total_records activity_dashboard_total_rejected_traffic activity_dashboard_traffic_by_log_status activity_dashboard_traffic_by_protocol activity_dashboard_traffic_by_region database_traffic high_packet_traffic large_data_transfer rdp_traffic ssh_traffic traffic_with_unusual_protocols

Query: Traffic by Protocol

Description

Distribution of record counts across different protocols.

Usage

powerpipe query aws_vpc_flow_log_detections.query.activity_dashboard_traffic_by_protocol

Tailpipe Tables

aws_vpc_flow_log

AWS plugin

Tags

SQL

select
  case
    when protocol = 1 then 'ICMP'
    when protocol = 6 then 'TCP'
    when protocol = 17 then 'UDP'
    else 'Other'
  end as protocol_type,
  count(*) as "Records"
from
  aws_vpc_flow_log
where
  protocol is not null
group by
  protocol_type
order by
  "Records" desc;

Dashboards

The query is used in the dashboards:

VPC Flow Log Activity Dashboard