How to do it...

In this section, we will walk through a few tools included in Security Onion that can help in security monitoring:

  1. Once the setup of the security tools included in Security Onion is complete, we have to create a user account to use these tools. Open the Terminal and run the following command to create a user for the tools:

In the preceding step, we created a user named pentest1 and then set a password for that user.

  2. Once we have created the user account, we can start using the tools.
  3. On the desktop, we can find the icon for the SGUIL tool. Double-click on the icon to run the tool.
  4. A login screen will open, as shown here. Enter the user details configured in the previous step and click on OK:

  5. Once the user details are validated, the next window will ask us to select the network to monitor. Select the interface from the options available and click on Start SGUIL to proceed:

  6. We get the window shown next. This is the main screen of the SGUIL tool. Here, we can monitor the real-time events happening on the network selected in the previous step, along with the session data and raw packet captures:

More information about using the tool can be found at http://bammv.github.io/sguil/index.html.

  7. There are other tools also included in Security Onion, such as Kibana. To access this tool, we can find the shortcut on the desktop. Once we double-click on the shortcut, it will open the browser pointing at the URL https://localhost/app/kibana.
  8. The browser will give a warning that the connection is insecure or not private, because Security Onion uses a self-signed SSL certificate. Ignore the error, shown as follows, click on Advanced, and proceed:

  9. Next, Kibana will ask for user details to log in. Use the user details configured in the first step. Once successfully logged in, we get the following window:

  10. Kibana helps in visualizing Elasticsearch data and also in navigating the Elastic stack.
  11. Security Onion includes other tools that can be used to monitor various activities in the network. Explore the tools to get more insight into them.
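The certificate warning in step 8 appears because the Kibana front end presents a self-signed certificate, so the browser has no trust anchor to check it against. Rather than clicking through blindly every time, a practitioner can record the certificate's SHA-256 fingerprint once (for example, with the browser's certificate viewer on the Security Onion host itself) and compare it on later connections. The following Python script is an added example, not code from the book or from the Security Onion project; it fetches the leaf certificate from a host and port (assumed here to be `localhost:443`), prints its fingerprint in the colon-separated form browsers display, and compares it to a pinned value that you supply (`PINNED_FINGERPRINT` is a placeholder, not a real value from the page).

```python
import hashlib
import socket
import ssl

# Placeholder: replace with the fingerprint recorded from the Security Onion
# host the first time you connected. This value is constructed, not real.
PINNED_FINGERPRINT = "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:" \
                     "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"


def fingerprint_sha256(der_cert: bytes) -> str:
    """Return the SHA-256 fingerprint of a DER-encoded certificate in the
    upper-case, colon-separated form that browsers show in their cert viewer."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_server_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate presented by host:port as DER bytes.

    Chain validation is deliberately disabled here because the certificate is
    self-signed and would always fail it; trust is decided afterwards by
    comparing the fingerprint against the pinned value, not by this fetch."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def matches_pin(der_cert: bytes, pinned_fingerprint: str) -> bool:
    """Compare the certificate's fingerprint with the pinned one, ignoring
    case and separators so values copied from different tools compare equal."""
    def normalize(value: str) -> str:
        return value.replace(":", "").replace(" ", "").upper()

    return normalize(fingerprint_sha256(der_cert)) == normalize(pinned_fingerprint)


if __name__ == "__main__":
    # Assumed target: the Kibana front end on the local Security Onion host.
    cert = fetch_server_cert("localhost", 443)
    print("Presented certificate SHA-256:", fingerprint_sha256(cert))
    if matches_pin(cert, PINNED_FINGERPRINT):
        print("Fingerprint matches the pinned value; safe to proceed.")
    else:
        print("Fingerprint does NOT match the pinned value; do not log in "
              "until you have confirmed why the certificate changed.")
```

Run it on the Security Onion host before logging in to Kibana; a mismatch after the first recording means either the certificate was legitimately regenerated or something between you and the service is presenting a different certificate, and either way it is worth confirming before entering the credentials created in step 1.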