Are the details on this page a demo?
No. This summary describes the five-device live deployment model using measurable details.
Case Study
This page summarizes a real Bivoxy deployment using only measurable details across licensing, device connectivity, log collection, and operations.
The production deployment includes five connected security devices. It collects telemetry from FortiGate, Wazuh, and syslog sources while managing license entitlement, device onboarding, and reporting through the same operational flow.
The goal is not raw log accumulation but context across devices. VPN sessions, firewall actions, and host signals are evaluated through the same analysis chain.
FortiGate sources -> Reliable Syslog/TLS -> Bivoxy ingest Wazuh sources -> Agent/manager telemetry -> Bivoxy normalize Syslog sources -> TCP syslog -> Bivoxy parser Bivoxy pipeline: ingest -> normalization -> enrichment -> scenario detection -> reporting
date=2026-07-15 time=09:22:31 devname=FGT-PROD-01 srcip=198.51.100.24 dstip=10.10.4.20 action=deny service=SSLVPN user=anon.user policyid=42 normalized.source.ip=198.51.100.24 normalized.action=deny normalized.event.category=vpn normalized.device.type=fortigate
In this deployment, daily event rate changes by device and working pattern; the observed production range is approximately 15-80 EPS. Detection scenarios include VPN brute-force, new IPsec endpoint detection, risky country context, admin login anomaly, and FortiGate policy deny spikes.
For a five-source production setup, validating the first log flow and seeing the initial dashboards can be completed within the same day. Parser adjustments, custom alarm rules, and reporting agreements are finalized according to the organization’s needs.
Screenshots used in the case study are published with customer names, public IPs, and user identifiers anonymized. The dashboard view shows activity summary, VPN sessions, active events, and device filtering in the same interface.
[FortiGate #1-#3] -- TLS Syslog --> [Bivoxy ingest] [Wazuh manager] -- events -----> [Bivoxy normalize] [Generic syslog] -- TCP -------> [Bivoxy parser] Normalize -> Enrich -> Detect -> Notify -> Report
Case Study
Connected devices
5
Data sources
FortiGate + Wazuh + Syslog
License model
License-based
Production deployment with five connected security devices, including FortiGate and Wazuh data sources. Devices are managed under a license-based model, and collection, normalization, and reporting run through the same workflow.
No. This summary describes the five-device live deployment model using measurable details.