// THE PLATFORM

Six primitives.
One unified surface.

Every capability is built around the same data model: devices, endpoints, paths, policies, changes, and snapshots, queryable through one API.

Discovery

See every endpoint, even the ones nobody told you about

SAMURAI correlates MAC, IP, ARP, DHCP snooping, CDP/LLDP neighbors, 802.1X sessions, and APIC fabric hosts across every switch, router, and controller into one unified endpoint table with OUI vendor lookup.

  • Field-scoped search with subnet matching
  • Multi-source correlation (MAC, ARP, DHCP, CDP/LLDP, 802.1X, APIC)
  • OUI vendor identification from 39K-entry IEEE database
  • Background sync keeps data fresh without live queries
Scroll to explore · 1/8
Overview
samurai / overview
SAMURAI
dc1-production
Overview
dc1-production · all systems operational
24
Total
22
Online
1
Warning
1
Offline
Cisco APIC2
2/2 online2,841 eps
apic-fab-01.dc1apic-fab-02.dc2
Firewall (FTD)3
3/3 online1,203 eps
ftd-edge-02ftd-edge-03ftd-dmz-01
Palo Alto2
1/2 online882 eps
pan-pa-5260pan-pa-3260
Router4
4/4 online412 eps
asr-core-r1asr-core-r2asr-edge-r1asr-edge-r2
Switch12
11/12 online8,146 eps
n9k-leaf-04n9k-spine-01cat-9300-15...
Cisco ISE1
1/1 online
ise-psn-01
Analysis

Simulate any traffic path. Across any vendor. With ACL checks at every hop.

Enter a 5-tuple (source, destination, protocol, ports) and SAMURAI traces the packet hop by hop across routers, switches, and firewalls. Every ACL along the path is evaluated. Forward and reverse paths are traced automatically.

  • Forward + reverse path tracing
  • ACL checks with wildcard masks and port ranges
  • Works across IOS, NX-OS, IOS-XR, PAN-OS, and FTD
  • Visual diff between any two snapshots
samurai / path-trace
Source
10.10.3.100
Destination
10.20.5.42
Protocol
TCP/443
Trace
Forward path6 hops · 4.2msPERMITTED
1n9k-leaf-04Eth1/12 → Eth1/48L2 switchforward
2asr-core-r1Gi0/0/2 → Gi0/0/4L3 routedOSPF area 0
3ftd-edge-02TenGi1/3 → TenGi1/5FirewallACL: allow-web
4asr-edge-r2Gi0/1/1 → Gi0/1/3L3 routedBGP AS 65010
5pan-pa-5260ethernet1/3 → ethernet1/8Firewallrule: app-tier
6n9k-leaf-12Eth1/22L2 switchdelivered
Monitoring

Catch every meaningful change. Ignore the noise.

Every sync compares real device data against the previous snapshot, not audit logs. Volatile fields are filtered automatically. Only when something meaningful changes is a new snapshot stored.

  • Smart deduplication, no duplicate snapshots
  • Configurable snapshot history (default 168 per collection)
  • Side-by-side diff viewer for any two snapshots
  • Telegram alerts on configuration drift
samurai / changes / diff
asr-core-r1 · running_config
- 2026-05-26 14:30 UTC+ 2026-05-27 02:15 UTC
12 ip access-list extended OUTSIDE_IN
13 permit tcp any host 10.10.1.5 eq 22
14+ permit tcp any host 10.10.1.5 eq 443
15+ permit tcp any host 10.10.1.5 eq 8443
16- permit tcp any host 10.10.1.5 eq 80
17 deny ip any any log
18 !
19+ip route 10.20.0.0 255.255.0.0 10.10.1.1
20-ip route 10.20.0.0 255.255.0.0 10.10.1.254
21 ip route 0.0.0.0 0.0.0.0 10.10.0.1
Policy Analyzer

See what your firewalls actually allow

SAMURAI resolves the effective permitted space across your rule base, not just what a rule says but what traffic really gets through. It flags shadowed, redundant, and overly broad rules and scores each by exposure. Configuration analysis on real device data.

  • Effective access: compute end-to-end permitted space across the whole rule set, with objects and NAT resolved.
  • Rule hygiene: surface shadowed, redundant, and overly broad rules automatically.
  • Risk scoring: rank rules by exposure so the widest-open ones surface first.
  • One model across vendors: Palo Alto, Cisco FTD, FortiGate, Juniper SRX, and ACI in a canonical policy view.
samurai / policy analyzer
Effective access
dmz-web10.20.0.0/16: 443
Permitted via rule 12 · allow-web-tier
Rule hygiene3 findings
rule 47allow web → db : 1433Shadowed by 12
rule 88allow any → any : 443Overly broad
rule 91allow any → 10.0.0.0/8High exposure
Palo Alto · Cisco FTD · FortiGate · Juniper SRX · ACI

An analyst that learns your network.

SAMURAI's AI reads every configuration change, classifies it by severity, and cuts the noise using facts it curates about your own fabric. Analysis you can audit, not autopilot.

  • Auto-curated network memory, learned as durable facts.
  • Every change classified by severity, so real anomalies surface.
  • Self-auditing, human-in-the-loop: edit or lock any fact.
  • Runs on your model, on-prem or cloud, your choice.
samurai / ai-analysis
CHANGE ANALYSIS
core-leaf-03 · mac_table +7 −6ROUTINE · SUPPRESSED
VM mobility matches a learned SAFE memory. No alert raised.
edge-fw-1 · security_policy +1 −2REVIEW · MEDIUM
New permit rule to 0.0.0.0/0 with no matching memory. Surfaced for review.
AI MEMORIESAUTO-CURATED
FACT
VLAN 142 carries active VM workloads on po10/po15.
switch / vlans0.94
SAFE
VMware MAC roaming across fabric ports is normal vNIC mobility.
switch / mac_table0.89
FACT
Gi1/0/35 is a voice port for Cisco IP phones.
switch / auth_sessions0.96

And dozens more tools for day-to-day ops

Discovery

Endpoint discovery & correlation

Correlate MAC, ARP, DHCP, CDP/LLDP, 802.1X, and APIC hosts into a unified endpoint inventory with OUI vendor lookup.

Traffic Sim

Hop-by-hop traffic simulation

Simulate any 5-tuple path across routers, switches, and firewalls, evaluating ACLs from config at each hop.

Monitoring

Real-time change monitoring

Detects changes from real device data, not audit logs. Compares live snapshots to catch what audit trails miss.

Alerting

Routed alerts on every change

Instant notifications on config drift, sync failures, and state changes, routed to every channel and incident system you connect.

Topology

Interactive network map

Drag-arrange topology with auto-discovered connections, device grouping, and color-coded health status.

Compliance

Automated compliance auditing

Run fleet-wide compliance checks with remediation tracking, waivers, and exportable reports per framework.

Export

Multi-format data export

Export any dataset as CSV, XLSX, HTML, or PDF with search filters applied. One click from any panel.

Access Control

RBAC with LDAP integration

Granular permission-based roles with LDAP group mapping, custom roles, and per-user scoping.

Terminal

In-browser device terminal

Open an SSH session to any device from the browser, with tab-completion and cursor-aware line editing. No jump host to babysit.

Forensics

Forensic evidence collection

Collect per-command device bundles for incident response, each file and the whole archive stamped with SHA-256.

Detection

Custom detection rules

Author rules on any config change with a dry-run preview, then fire notifications or queue AI analysis on a match.

Reliability

High-availability clustering

Run SAMURAI itself in an active/passive cluster with heartbeat and automatic failover. No single point of failure.

TLS

Built-in TLS management

Generate a CSR, install your certificate, and manage the platform's own HTTPS from Settings. Bring your own PKI.

Networking

Outbound proxy support

Reach devices through a SOCKS5 or direct proxy for segmented and restricted networks, with a caching resolver.

Integrations

Route every event where your team already works

Connect the notification channels, incident systems, and AI providers you already run. SAMURAI delivers config drift, sync failures, and state changes wherever your team will see them. It also runs analysis with the model you choose.

Notification channels7
Email (SMTP)

Delivery through your own mail server, no third party.

Slack

Routed events posted to the channels you pick.

Telegram

Push alerts to bots, groups, or direct chats.

Discord

Event posts to your server channels via webhook.

Microsoft Teams

Routed events posted to your Teams channels.

Syslog (SIEM)

Stream events over syslog to your SIEM.

Webhook

Raw event payloads to any HTTP endpoint you run.

Incident systems2
TheHive

Open cases from network events for triage.

Jira

Raise issues in the projects your team already tracks.

AI providers4
Ollama (local)

Local LLM inference. Analysis stays on your network.

OpenAI / compatible

Point at OpenAI or any compatible endpoint.

Claude (Anthropic)

Use Anthropic Claude models for analysis and summaries.

Amazon Bedrock

Run analysis through models on AWS Bedrock.

How it works

01

Register devices

Add your APIC controllers, FMC, NDO, Palo Alto firewalls, routers, and switches. SAMURAI auto-detects the platform and applies the right command profile.

02

Background sync

Background workers fetch configs, routes, MAC/ARP tables, neighbors, and policies from every device. Endpoints are correlated automatically.

03

Query, trace, monitor

Search the entire endpoint table. Trace traffic paths. Browse configs. View topology maps. Compare snapshots side by side.

04

Alert on drift

Real-data change detection captures meaningful diffs. Telegram and email alerts notify you of configuration drift. Export data for compliance audits.

One docker run command. That's the entire install.

Self-hosted. No cloud dependency. No agents to deploy. Fits on a single VM. Five minutes from zero to full visibility.

terminal · deploy