Security Onion is a Linux-based distribution built for network security monitoring. Monitoring the network for security-related events can be proactive, when used to identify vulnerabilities, or reactive, as in incident response.
Security Onion helps by providing insight into network traffic and context around alerts.
We covered the process of installing and configuring Security Onion in previous chapters. Having followed those steps, we now have a running system with Security Onion installed.
No other prerequisites are needed for using Security Onion.
In this section, we will walk through a few tools included in Security Onion that can help in security monitoring:
- Once we are done with the setup of the security tools included in Security Onion, we have to create a user account to use these tools. Open the Terminal and run the following command to create a...