ddos attacks are only visibile for ip's behind the scrubbing bgp session, and not for ip's behind the "bypass/volumetric" protection.

insight's for the bypass/volumetric protection are very usefull to correlate attack's against other problems inside our app.

essential aggregations:

• ip that is attacked

nice to have aggregations:

• source country

• source asn

• type of attack