The RQL needs constraints to exclude NAT Gateway and ELB.
Please try:
network where src.ip=0.0.0.0 AND protocol=‘TCP’ AND dest.port not IN (21,23,80,443,8444,8443,22) AND source.publicnetwork IN ( ‘Internet IPs’ , ‘Suspicious IPs’ ) AND dest.resource IN ( resource where role not in ( ‘AWS NAT Gateway’ , ‘AWS ELB’ )
network where src.ip=0.0.0.0 AND protocol=‘TCP’ AND dest.port IN (21,22,23,80) AND source.publicnetwork IN ( ‘Internet IPs’ , ‘Suspicious IPs’ ) AND dest.resource IN ( resource where role not in ( ‘AWS NAT Gateway’ , ‘AWS ELB’ ) )
... View more