ddos attacks are only visibile for ip's behind the scrubbing bgp session, and not for ip's behind the "bypass/volumetric" protection.
insight's for the bypass/volumetric protection are very usefull to correlate attack's against other problems inside our app.
essential aggregations:
ip that is attacked
nice to have aggregations:
source country
source asn
type of attack