A firewall analyzer built for Cisco — FMC, FTD, and ASA.
SAMURAI is a self-hosted Cisco firewall analyzer that reads Cisco Secure Firewall (FMC/FTD) and ASA configuration state directly: access and NAT policies, objects, interfaces, and the ACLs on the IOS, IOS-XE, and NX-OS devices around them. It is a configuration analyzer, not a log analyzer — you see the rules themselves and every change to them, attributed to the admin who made it.
Updated June 2026
What it reads from your Cisco estate
FMC access & NAT policies
Cisco Secure Firewall Management Center access-control and NAT rules, policy assignments, and deployable devices — searchable across every managed FTD.
FTD & ASA configuration
Firepower Threat Defense and ASA read over SSH: interfaces, routes, objects, and access rules, in the same view as your FMC policies.
Objects, resolved
Network and service objects and groups expanded recursively, so you read "tcp/443", not an object name you have to chase through nested groups.
ACL visibility on routers & switches
Access lists on IOS, IOS-XE, and NX-OS surfaced alongside the firewalls — the whole Cisco path in one place. Visibility, not rule scoring.
ACI fabric contracts
Cisco ACI tenants, EPGs, and contracts from APIC and NDO, so east-west fabric policy sits next to the perimeter firewalls.
Change tracking with attribution
Every FMC/FTD/ASA policy change detected from real device state, diffed, and attributed to the admin and transaction that produced it — no reliance on audit logs.
How it compares to log-based Cisco tools
Most "Cisco firewall log analyzer" tools parse syslog and traffic logs to tell you what traffic happened. SAMURAI reads configuration state to tell you what the rules are and what changed. Different question, different tool.
Data source
SAMURAI
Configuration state from FMC, FTD, ASA, and IOS/NX-OS devices
Cisco log analyzers
Syslog and traffic logs
Question answered
SAMURAI
What are the rules, and who changed what, when?
Cisco log analyzers
What traffic passed or was denied?
Scope
SAMURAI
Cisco firewalls plus routers, switches, ACI, ISE, and vCenter in one view
Cisco log analyzers
Usually firewall logs only
Deployment
SAMURAI
Single self-hosted Docker container, air-gap friendly
Cisco log analyzers
Log collector or SaaS pipeline
If you need traffic-log analytics, a log analyzer is the right tool. If you need to see and search Cisco firewall configuration across FMC, FTD, ASA, and the network around them — and know who changed what — that is what SAMURAI does.
Frequently asked questions
Does SAMURAI analyze Cisco Secure Firewall (FMC/FTD)?
Yes. FMC access and NAT policies, objects, and deployable devices are first-class, and FTD configuration is read directly. You search and diff policy across every managed device from one dashboard.
Can it read Cisco ASA?
Yes. ASA is read over SSH as part of the firewall family: interfaces, routes, objects, and access rules, alongside FMC/FTD in the same view.
Is this a Cisco firewall log analyzer?
No — SAMURAI analyzes configuration state, not logs. It reads policies and objects from the devices themselves rather than parsing syslog, so you analyze the rules and their changes. It can forward its own events as RFC5424 syslog, but log analytics is not its focus.
Does it do Cisco firewall rule cleanup or optimization?
It gives you full visibility and search across Cisco firewall rules, plus change tracking with admin attribution. It does not do automated rule recertification, shadowed-rule scoring, or policy optimization — those are the domain of dedicated policy-management suites.
Is there a free version?
Yes. A free test license ships with the SAMURAI Docker image on Docker Hub, no email required, so you can point it at your own Cisco firewalls before talking to anyone.
How do I deploy it?
A single docker run on a VM that can reach FMC, your FTD/ASA devices, and your IOS/NX-OS gear. A typical deployment is serving data in about five minutes.