


# Example Security Lake queries for Amazon VPC Flow Logs
<a name="vpc-query-examples"></a>

Amazon Virtual Private Cloud (Amazon VPC) provides details about IP traffic going to and from the network interfaces in your VPC.

Here are some example queries of Amazon VPC Flow Logs for AWS source version 1:

**Traffic in specific AWS Regions in the last 7 days**

```
SELECT *
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND region in ('us-east-1','us-east-2','us-west-2')
    LIMIT 25
```

**List of activity from source IP `192.0.2.1` and source port `22` in the last 7 days**

```
SELECT *
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND src_endpoint.ip = '192.0.2.1'
      AND src_endpoint.port = 22
    LIMIT 25
```

**Count of distinct destination IP addresses in the last 7 days**

```
SELECT
    COUNT(DISTINCT dst_endpoint.ip) 
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
    LIMIT 25
```

**Traffic originating from 198.51.100.0/24 in the last 7 days**

```
SELECT * 
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
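      AND split_part(src_endpoint.ip,'.', 1)='198' AND split_part(src_endpoint.ip,'.', 2)='51'
      AND split_part(src_endpoint.ip,'.', 3)='100' -- third octet is required to limit the match to the /24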
    LIMIT 25
```

**All HTTPS traffic in the last 7 days**

```
SELECT
      dst_endpoint.ip as dst, 
      src_endpoint.ip as src, 
      traffic.packets 
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND dst_endpoint.port = 443
    GROUP BY 
      dst_endpoint.ip, 
      traffic.packets, 
      src_endpoint.ip 
    ORDER BY traffic.packets DESC 
    LIMIT 25
```

**Order by packet count for connections destined to port `443` in the last 7 days**

```
SELECT
      traffic.packets,
      dst_endpoint.ip
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND dst_endpoint.port = 443 
    GROUP BY 
      traffic.packets,
      dst_endpoint.ip
    ORDER BY traffic.packets DESC
    LIMIT 25
```

**All traffic between IP `192.0.2.1` and `192.0.2.2` in the last 7 days**

```
SELECT
      start_time, 
      end_time, 
      src_endpoint.interface_uid, 
      connection_info.direction,
      src_endpoint.ip,
      dst_endpoint.ip,
      src_endpoint.port,
      dst_endpoint.port,
      traffic.packets,
      traffic.bytes
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      -- Both directions are wrapped in one group so the eventDay filter applies to each
      AND (
        (src_endpoint.ip = '192.0.2.1'
          AND dst_endpoint.ip = '192.0.2.2')
        OR (src_endpoint.ip = '192.0.2.2'
          AND dst_endpoint.ip = '192.0.2.1'))
    ORDER BY start_time ASC
    LIMIT 25
```

**All inbound traffic in the last 7 days**

```
SELECT * 
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND connection_info.direction = 'ingress'
    LIMIT 25
```

**All outbound traffic in the last 7 days**

```
SELECT * 
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND connection_info.direction = 'egress'
    LIMIT 25
```

**All rejected traffic in the last 7 days**

```
SELECT * 
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) 
      AND type_uid = 400105
    LIMIT 25
```
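
The rejected-traffic query above returns raw rows; for triage it is usually more useful to summarize them per source. The following is an added example, not one of the AWS-provided queries: it reuses the table name, the `eventDay` filter, and the `type_uid = 400105` rejected-traffic condition from this page, and the `HAVING` threshold of 20 ports is an assumed starting value to tune for your environment.

```sql
-- Added example: sources with rejected ingress traffic to many distinct
-- destination ports in the last 7 days (a common sign of port scanning
-- or of a misconfigured client hitting closed ports).
SELECT
      src_endpoint.ip                   AS src_ip,
      COUNT(*)                          AS rejected_records,
      COUNT(DISTINCT dst_endpoint.ip)   AS distinct_dst_ips,
      COUNT(DISTINCT dst_endpoint.port) AS distinct_dst_ports,
      SUM(traffic.packets)              AS packets,
      SUM(traffic.bytes)                AS bytes,
      MIN(start_time)                   AS first_seen,
      MAX(end_time)                     AS last_seen
    FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_1_0
    WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar)
      AND type_uid = 400105                      -- rejected traffic, as in the query above
      AND connection_info.direction = 'ingress'  -- inbound only
    GROUP BY src_endpoint.ip
    HAVING COUNT(DISTINCT dst_endpoint.port) >= 20  -- assumed threshold, tune as needed
    ORDER BY distinct_dst_ports DESC, rejected_records DESC
    LIMIT 25
```

Sources that appear here with a high `distinct_dst_ports` count but few `distinct_dst_ips` are probing a single host; the reverse pattern indicates a sweep of one port across many hosts, which you can surface by swapping the `HAVING` column.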