


# Example Security Lake queries for Amazon VPC Flow Logs
<a name="vpc-query-examples"></a>

Amazon Virtual Private Cloud (Amazon VPC) provides details about IP traffic going to and from the network interfaces in your VPC.

The following are some example queries of Amazon VPC Flow Logs for AWS source version 1:

**Traffic in specific AWS Regions in the last 7 days**

```
SELECT *
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND region in ('us-east-1','us-east-2','us-west-2')
    LIMIT 25
```

**List of activity from the source IP `192.0.2.1` and source port `22` in the last 7 days**

```
SELECT *
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND src_endpoint.ip = '192.0.2.1'
      AND src_endpoint.port = 22
    LIMIT 25
```

**Count of distinct destination IP addresses in the last 7 days**

```
SELECT
    COUNT(DISTINCT dst_endpoint.ip) 
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
    LIMIT 25
```

**Traffic originating from 198.51.100.0/24 in the last 7 days**

```
SELECT * 
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
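    -- Match all three leading octets so the filter covers 198.51.100.0/24, not 198.51.0.0/16
    AND split_part(src_endpoint.ip,'.', 1)='198' AND split_part(src_endpoint.ip,'.', 2)='51'
    AND split_part(src_endpoint.ip,'.', 3)='100'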
    LIMIT 25
```

**All HTTPS traffic in the last 7 days**

```
SELECT
      dst_endpoint.ip as dst, 
      src_endpoint.ip as src, 
      traffic.packets 
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND dst_endpoint.port = 443
    GROUP BY 
      dst_endpoint.ip, 
      traffic.packets, 
      src_endpoint.ip 
    ORDER BY traffic.packets DESC 
    LIMIT 25
```

**Order by packet count for connections destined to port `443` in the last 7 days**

```
SELECT
      traffic.packets,
      dst_endpoint.ip
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND dst_endpoint.port = 443 
    GROUP BY 
      traffic.packets,
      dst_endpoint.ip
    ORDER BY traffic.packets DESC
    LIMIT 25
```

**All traffic between IP `192.0.2.1` and `192.0.2.2` in the last 7 days**

```
SELECT
      start_time, 
      end_time, 
      src_endpoint.interface_uid, 
      connection_info.direction,
      src_endpoint.ip,
      dst_endpoint.ip,
      src_endpoint.port,
      dst_endpoint.port,
      traffic.packets,
      traffic.bytes
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      -- Outer parentheses keep the eventDay filter applied to both directions
      AND (
        (src_endpoint.ip = '192.0.2.1'
          AND dst_endpoint.ip = '192.0.2.2')
        OR
        (src_endpoint.ip = '192.0.2.2'
          AND dst_endpoint.ip = '192.0.2.1'))
    ORDER BY start_time ASC
    LIMIT 25
```

**All inbound traffic in the last 7 days**

```
SELECT * 
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND connection_info.direction = 'ingress'
    LIMIT 25
```

**All outbound traffic in the last 7 days**

```
SELECT * 
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND connection_info.direction = 'egress'
    LIMIT 25
```

**All rejected traffic in the last 7 days**

```
SELECT * 
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND type_uid = 400105
    LIMIT 25
```