Michael L. Artz

Unfortunately our data is internal, but is similar to an IPFIX biflow using Direction by Perimeter: https://datatracker.ietf.org/doc/html/rfc5103. IPFIX biflows provide directional containers (fwd/rev) within the flow to hold the various...

The issue is that VPC Flow Logs are (roughly) unidirectional flow, not biflow. I'll see if we can sanitize our data and provide an example.

Here is a heavily redacted example of our data represented in JSON. We are collecting "biflows" from AWS EC2 instances, or roughly 1 minute aggregations of data keyed by the...