Network Flow Log Query Examples
Some examples for Network Flow Log Queries.
This section lists some examples that show you how to use Network Flow Log Query Attributes in RQL for investigating network flow log issues.
Query Examples
Each of the following examples is a query that starts with "network from vpc.flow_record where" and adds the filter conditions described.
View traffic originating from the Internet and suspicious IPs to resources with the Database role.
Find instances that are accessible over the Internet using insecure ports.
Find hosts with Meltdown and Spectre vulnerabilities receiving network traffic.
Check for traffic categorized as malware of type DDoS, HackingTool, or Worm, originating from the Internet and suspicious IPs and destined to your cloud assets that are not directly accessible over the Internet.
Look for traffic from Internet to any instance outside of Web servers, NAT Gateways or ELBs.
Look for source entities that are AWS ELBs with connections to more than 10 unique peer IP addresses, where those peer IPs are not endpoints that function as Databases.
Identify any instances with a private IP address (specified in the CIDR format) that are sending traffic to the Internet.
You cannot include a public IP address in CIDR format as a source or destination IP address. Also, do not mix a single IP address and an address in CIDR format in the same comma-separated list.
View whether a list of specified IP addresses is sending traffic to the Internet.
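The last two checks above (private sources, given as a CIDR or as a list of IPs, sending traffic to the Internet), as an added example that is not from the Prisma Cloud documentation: the same check run in Python over raw AWS VPC flow log records rather than through RQL. It assumes the default version-2 field order, a constructed sample log, and its own definition of "Internet IP" (anything outside RFC 1918, loopback and link-local space); unlike the RQL list restriction, the Python source list may mix single IPs and CIDR blocks.

```python
import ipaddress

# Constructed sample records in the default AWS VPC Flow Log (version 2) field order:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.15 203.0.113.7 49152 443 6 10 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.15 10.0.2.20 49153 5432 6 20 8000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 192.168.5.9 198.51.100.23 49154 22 6 5 1200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.3.4 203.0.113.7 49155 80 6 3 600 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.3.4 203.0.113.7 49156 80 6 3 600 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
# Assumption: "Internet" means any address outside RFC 1918, loopback and link-local space.
NON_INTERNET = [ipaddress.ip_network(c) for c in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]

def parse_flow_log(text):
    """Parse version-2 records into dicts; skip malformed lines and NODATA/SKIPDATA records."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] == "OK":
            records.append(rec)
    return records

def is_internet_ip(addr):
    """True when the address is outside every private/loopback/link-local range."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in NON_INTERNET)

def sources_to_internet(records, sources, accepted_only=True):
    """Sorted (srcaddr, dstaddr, dstport) tuples for flows whose source matches any entry
    in `sources` (IPs and CIDRs may be mixed) and whose destination is an Internet IP."""
    nets = [ipaddress.ip_network(s, strict=False) for s in sources]
    hits = set()
    for rec in records:
        if accepted_only and rec["action"] != "ACCEPT":  # REJECTed flows never left the VPC
            continue
        src = ipaddress.ip_address(rec["srcaddr"])
        if any(src in net for net in nets) and is_internet_ip(rec["dstaddr"]):
            hits.add((rec["srcaddr"], rec["dstaddr"], int(rec["dstport"])))
    return sorted(hits)
```

Call sources_to_internet(parse_flow_log(SAMPLE_FLOW_LOG), ["10.0.0.0/16", "192.168.5.9"]) to list the matching (source, destination, port) triples; the NODATA record and the REJECTed flow are dropped before matching.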