Threat Intel, and tstats - but not necessarily at the same time!

Oct 2, 6:00 – 7:30 AM (UTC)

Canberra Splunk User Group

Andrew Tunnecliffe (CAlabs.com.au) will be discussing "Beyond the Indicators: How to better use modern threat intel" while Matt Searles (ex Splunker) will be discussing the use of tstats.

About this event

We'll be having two talks at our October meeting! 

First up, Andrew Tunnecliffe (CAlabs.com.au) will be discussing "Beyond the Indicators: How to better use modern threat intel".  Andrew will briefly discuss threat intelligence generally, the ISAC intel sharing model, and ASD's CTIS and CHIPs programs.  From there he'll move on to an advisory that CAlabs wrote for a client based on a phishing email, and what threat hunters can do with the info.  He'll be covering some specific evasive techniques used by effective modern phishing, and how to detect some of them.

And after that, Matt Searles (ex Splunker) will be following on from Chris Grech's talk in June by digging deeper into fast searches in Splunk... how? TSTATS! Arguably Splunk's greatest command that is criminally underused. There will be a bit of deep diving into how Splunk indexes data under the hood, sprinkled with some mystifying segmenters and the pièce de résistance - a dashboard. Well really just a macro. Actually it's just two sed commands. TRUST ME BRO, it'll be good. (Editor's note: This paragraph was written by Matt, not me!)


Please note that our venue sponsor (AWS Canberra) requires that visitors to their venue be registered. This process will be a lot faster if you preregister for the event before COB Wednesday October 1. And please bring photo ID.

Note: Any content presented at this event cannot be recorded, shared, or published without written approval from the content owner. This event is for Splunk customers & users only. Journalists and media publications are expressly forbidden from using any content from this event for publishing purposes.

When

Thursday, October 2, 2025
6:00 AM – 7:30 AM (UTC)

Agenda

6:00 AM Registration and mingling
6:15 AM Welcome and Introductions
6:25 AM Presentation 1
6:45 AM Presentation 2
7:15 AM Closing (inc door prizes)

Organizers

  • Chris Barrett

    BarrettNet

    Owner, and Principal Consultant

  • Matthew Searles

    User Group Leader
