Add VPC Flow Log detections and dashboards

.gitattributes

@@ -0,0 +1 @@
+**/*.pp linguist-language=HCL

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,29 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**Powerpipe version (`powerpipe -v`)**
+Example: v0.3.0
+
+**Tailpipe version (`tailpipe -v`)**
+Example: v0.3.0
+
+**Plugin version (`tailpipe plugin list`)**
+Example: v0.5.0
+
+**To reproduce**
+Steps to reproduce the behavior (please include relevant code and/or commands).
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,11 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Questions
+    url: https://turbot.com/community/join
+    about: GitHub issues in this repository are only intended for bug reports and feature requests. Other issues will be closed. Please ask and answer questions through the Turbot Slack community.
+  - name: Powerpipe CLI Bug Reports and Feature Requests
+    url: https://github.com/turbot/powerpipe/issues/new/choose
+    about: Powerpipe CLI has its own codebase. Bug reports and feature requests for those pieces of functionality should be directed to that repository.
+  - name: Tailpipe CLI Bug Reports and Feature Requests
+    url: https://github.com/turbot/tailpipe/issues/new/choose
+    about: Tailpipe CLI has its own codebase. Bug reports and feature requests for those pieces of functionality should be directed to that repository.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,2 @@
+### Checklist
+- [ ] Issue(s) linked

.github/workflows/stale.yml

@@ -0,0 +1,17 @@
+name: Stale Issues and PRs
+on:
+  schedule:
+    - cron: "30 23 * * *"
+  workflow_dispatch:
+    inputs:
+      dryRun:
+        description: Set to true for a dry run
+        required: false
+        default: "false"
+        type: string
+
+jobs:
+  stale_workflow:
+    uses: turbot/steampipe-workflows/.github/workflows/stale.yml@main
+    with:
+      dryRun: ${{ github.event.inputs.dryRun }}

.github/workflows/sync-labels.yml

@@ -0,0 +1,9 @@
+name: Sync Labels
+on:
+  schedule:
+    - cron: "30 22 * * 1"
+  workflow_dispatch:
+
+jobs:
+  sync_labels_workflow:
+    uses: turbot/steampipe-workflows/.github/workflows/sync-labels.yml@main

.gitignore

@@ -0,0 +1,19 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Swap files
+*.swp
+
+# Ignore Apple custom attributes file
+.DS_Store
+
+# Powerpipe variable files
+*.ppvars
+*.auto.ppvars
+
+# Ignore DuckDB files
+*.db

CHANGELOG.md

@@ -0,0 +1,11 @@
+## v0.1.0 [2025-04-18]
+
+_What's new?_
+
+- New benchmarks added:
+  - MITRE ATT&CK v16.1 benchmark (`powerpipe benchmark run aws_vpc_flow_log_detections.benchmark.mitre_attack_v161`).
+  - VPC Flow Log Detections benchmark (`powerpipe benchmark run aws_vpc_flow_log_detections.benchmark.vpc_flow_log_detections`).
+
+- New dashboards added:
+  - [VPC Flow Log Activity Dashboard](https://hub.powerpipe.io/mods/turbot/tailpipe-mod-aws-vpc-flow-log-detections/dashboards/dashboard.activity_dashboard)
+  - [VPC Flow Log Network Graph](https://hub.powerpipe.io/mods/turbot/tailpipe-mod-aws-vpc-flow-log-detections/dashboards/dashboard.network_graph)

README.md

@@ -1,2 +1,85 @@
-# tailpipe-mod-aws-vpc-flow-log-detections-
-Run detections and view dashboards for your AWS VPC Flow logs to monitor and analyze activity across your AWS accounts using Powerpipe and Tailpipe.
+# AWS VPC Flow Log Detections Mod for Powerpipe
+
+[Tailpipe](https://tailpipe.io) is an open-source CLI tool that allows you to collect logs and query them with SQL.
+
+[AWS](https://aws.amazon.com/) provides on-demand cloud computing platforms and APIs to authenticated customers on a metered pay-as-you-go basis.
+
+The [AWS VPC Flow Log Detections Mod](https://hub.powerpipe.io/mods/turbot/tailpipe-mod-aws-vpc-flow-log-detections) contains pre-built dashboards and detections, which can be used to monitor and analyze network activity across your AWS accounts.
+
+Run detection benchmarks:
+![image](docs/images/aws_vpc_flow_log_mitre_dashboard.png)
+
+View insights in dashboards:
+![image](docs/images/aws_vpc_flow_log_network_graph.png)
+
+## Documentation
+
+- **[Benchmarks and Detections →](https://hub.powerpipe.io/mods/turbot/aws-vpc-flow-log-detections/benchmarks)**
+
+## Getting Started
+
+Install Powerpipe from the [downloads page](https://powerpipe.io/downloads):
+
+```bash
+# macOS
+brew install turbot/tap/powerpipe
+
+# Linux or Windows (WSL)
+sudo /bin/sh -c "$(curl -fsSL https://powerpipe.io/install/powerpipe.sh)"
+```
+
+This mod also requires AWS VPC flow logs to be collected using Tailpipe with the AWS plugin:
+- [Get started with the AWS plugin for Tailpipe →](https://hub.tailpipe.io/plugins/turbot/aws#getting-started)
+- [Collect AWS VPC flow logs →](https://hub.tailpipe.io/plugins/turbot/aws/tables/aws_vpc_flow_log#configure)
+
+Install the mod:
+
+```bash
+mkdir dashboards
+cd dashboards
+powerpipe mod install github.com/turbot/tailpipe-mod-aws-vpc-flow-log-detections
+```
+
+### Browsing Dashboards
+
+Start the dashboard server:
+
+```bash
+powerpipe server
+```
+
+Browse and view your dashboards at **http://localhost:9033**.
+
+### Running Benchmarks in Your Terminal
+
+Instead of running benchmarks in a dashboard, you can also run them within your terminal with the `powerpipe benchmark` command:
+
+List available benchmarks:
+
+```bash
+powerpipe benchmark list
+```
+
+Run a benchmark:
+
+```bash
+powerpipe benchmark run aws_vpc_flow_log_detections.benchmark.mitre_attack_v161
+```
+
+Different output formats are also available, for more information please see [Output Formats](https://powerpipe.io/docs/reference/cli/benchmark#output-formats).
+
+## Open Source & Contributing
+
+This repository is published under the [Apache 2.0 license](LICENSE). Please see our [code of conduct](https://github.com/turbot/.github/blob/main/CODE_OF_CONDUCT.md). We look forward to collaborating with you!
+
+[Tailpipe](https://tailpipe.io) and [Powerpipe](https://powerpipe.io) are products produced from this open source software, exclusively by [Turbot HQ, Inc](https://turbot.com). They are distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in our [Open Source FAQ](https://turbot.com/open-source).
+
+## Get Involved
+
+**[Join #tailpipe and #powerpipe on Slack →](https://turbot.com/community/join)**
+
+Want to help but don't know where to start? Pick up one of the `help wanted` issues:
+
+- [Powerpipe](https://github.com/turbot/powerpipe/labels/help%20wanted)
+- [Tailpipe](https://github.com/turbot/tailpipe/labels/help%20wanted)
+- [AWS VPC Flow Log Detections Mod](https://github.com/turbot/tailpipe-mod-aws-vpc-flow-log-detections/labels/help%20wanted)