Logchecker – New Tool for Threat Intelligence Developed by LIFARS

Introducing The Logchecker Tool

Logchecker is a new Windows and Linux tool for scanning log files, developed by LIFARS. It extracts IP addresses, domain names and hashes from an input file and checks them against a Threat Intelligence database. It supports Windows EVTX logs, text-based logs and any other plaintext files. Output can be in CSV format for better human readability or in JSON for computer processing.

Example of CSV output of Logchecker

Example of JSON output of Logchecker

Logchecker uses the YETI platform as a backend, so it benefits from all the YETI machinery, including its many feeds and analytics plugins. We believe that cyber security is a shared responsibility, and we appreciate the work of the YETI developers and the cybersecurity community. We therefore decided to publish Logchecker under the open source MIT License. Consider it our contribution to the community, so that all defenders can benefit from it.
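The extract-and-look-up flow described above, sketched as an added example for plaintext logs only; it is not LIFARS' code and does not reflect how Logchecker is implemented. The `KNOWN_BAD` dictionary standing in for the YETI backend, the function names, the output field names and the sample log lines are all constructed assumptions.

```python
import csv, io, json, re

# Constructed stand-in for the threat-intelligence backend (a dict, not YETI's API).
KNOWN_BAD = {
    "203.0.113.45": "constructed-feed-a",
    "bad.example.net": "constructed-feed-b",
    "0123456789abcdef0123456789abcdef": "constructed-feed-c",
}

IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\d)")
HASH_RE = re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I)  # SHA-256, SHA-1, MD5
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b", re.I)

def extract(line):
    """Return sorted (type, value) pairs found in one log line, lower-cased."""
    # Drop dotted quads with an octet above 255, such as 999.1.1.1.
    found = {("ip", m) for m in IP_RE.findall(line)
             if all(int(o) <= 255 for o in m.split("."))}
    found |= {("hash", m.lower()) for m in HASH_RE.findall(line)}
    # File names such as x.exe also match; the lookup step filters them out.
    found |= {("domain", m.lower()) for m in DOMAIN_RE.findall(line)}
    return sorted(found)

def check(log_text):
    """Look up every extracted observable; return one record per match."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        for kind, value in extract(line):
            if value in KNOWN_BAD:
                hits.append({"line": n, "type": kind, "value": value,
                             "source": KNOWN_BAD[value]})
    return hits

def to_csv(hits):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["line", "type", "value", "source"])
    writer.writeheader()
    writer.writerows(hits)
    return buf.getvalue()

# Constructed sample log lines.
SAMPLE_LOG = r"""sshd[411]: Failed password for root from 203.0.113.45 port 52211
proxy: GET http://Bad.Example.NET/a.bin 200 from 198.51.100.7
av: file=C:\Temp\x.exe md5=0123456789ABCDEF0123456789ABCDEF
app: version 999.1.1.1 started"""

if __name__ == "__main__":
    hits = check(SAMPLE_LOG)
    print(to_csv(hits))
    print(json.dumps(hits, indent=2))
```

Lower-casing domains and hashes before the lookup is what lets `Bad.Example.NET` and the upper-case MD5 match; the unlisted address `198.51.100.7` is extracted but produces no hit.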

Source code and pre-built binaries for Windows and Linux are available on the LIFARS GitHub:

https://github.com/Lifars/log-checker

Learn more about Logchecker in our blog post.