Six primitives.
One unified surface.
Every capability is built around the same data model: devices, endpoints, paths, policies, changes, and snapshots, queryable through one API.
Simulate any traffic path. Across any vendor. With ACL checks at every hop.
Enter a 5-tuple (source, destination, protocol, ports) and SAMURAI traces the packet hop by hop across routers, switches, and firewalls. Every ACL along the path is evaluated. Forward and reverse paths are traced automatically.
- Forward + reverse path tracing
- ACL checks with wildcard masks and port ranges
- Works across IOS, NX-OS, IOS-XR, PAN-OS, and FTD
- Visual diff between any two snapshots
Catch every meaningful change. Ignore the noise.
Every sync compares real device data against the previous snapshot, not audit logs. Volatile fields are filtered automatically. Only when something meaningful changes is a new snapshot stored.
- Smart deduplication, no duplicate snapshots
- Configurable snapshot history (default 168 per collection)
- Side-by-side diff viewer for any two snapshots
- Telegram alerts on configuration drift
See what your firewalls actually allow
SAMURAI resolves the effective permitted space across your rule base, not just what a rule says but what traffic really gets through. It flags shadowed, redundant, and overly broad rules and scores each by exposure. Configuration analysis on real device data.
- Effective access: compute end-to-end permitted space across the whole rule set, with objects and NAT resolved.
- Rule hygiene: surface shadowed, redundant, and overly broad rules automatically.
- Risk scoring: rank rules by exposure so the widest-open ones surface first.
- One model across vendors: Palo Alto, Cisco FTD, FortiGate, Juniper SRX, and ACI in a canonical policy view.
An analyst that learns your network.
SAMURAI's AI reads every configuration change, classifies it by severity, and cuts the noise using facts it curates about your own fabric. Analysis you can audit, not autopilot.
- Auto-curated network memory, learned as durable facts.
- Every change classified by severity, so real anomalies surface.
- Self-auditing, human-in-the-loop: edit or lock any fact.
- Runs on your model, on-prem or cloud, your choice.
And dozens more tools for day-to-day ops
Endpoint discovery & correlation
Correlate MAC, ARP, DHCP, CDP/LLDP, 802.1X, and APIC hosts into a unified endpoint inventory with OUI vendor lookup.
Hop-by-hop traffic simulation
Simulate any 5-tuple path across routers, switches, and firewalls, evaluating ACLs from config at each hop.
Real-time change monitoring
Detects changes from real device data, not audit logs. Compares live snapshots to catch what audit trails miss.
Routed alerts on every change
Instant notifications on config drift, sync failures, and state changes, routed to every channel and incident system you connect.
Interactive network map
Drag-arrange topology with auto-discovered connections, device grouping, and color-coded health status.
Automated compliance auditing
Run fleet-wide compliance checks with remediation tracking, waivers, and exportable reports per framework.
Multi-format data export
Export any dataset as CSV, XLSX, HTML, or PDF with search filters applied. One click from any panel.
RBAC with LDAP integration
Granular permission-based roles with LDAP group mapping, custom roles, and per-user scoping.
In-browser device terminal
Open an SSH session to any device from the browser, with tab-completion and cursor-aware line editing. No jump host to babysit.
Forensic evidence collection
Collect per-command device bundles for incident response, each file and the whole archive stamped with SHA-256.
Custom detection rules
Author rules on any config change with a dry-run preview, then fire notifications or queue AI analysis on a match.
High-availability clustering
Run SAMURAI itself in an active/passive cluster with heartbeat and automatic failover. No single point of failure.
Built-in TLS management
Generate a CSR, install your certificate, and manage the platform's own HTTPS from Settings. Bring your own PKI.
Outbound proxy support
Reach devices through a SOCKS5 or direct proxy for segmented and restricted networks, with a caching resolver.
Route every event where your team already works
Connect the notification channels, incident systems, and AI providers you already run. SAMURAI delivers config drift, sync failures, and state changes wherever your team will see them. It also runs analysis with the model you choose.
Delivery through your own mail server, no third party.
Routed events posted to the channels you pick.
Push alerts to bots, groups, or direct chats.
Event posts to your server channels via webhook.
Routed events posted to your Teams channels.
Stream events over syslog to your SIEM.
Raw event payloads to any HTTP endpoint you run.
Open cases from network events for triage.
Raise issues in the projects your team already tracks.
Local LLM inference. Analysis stays on your network.
Point at OpenAI or any compatible endpoint.
Use Anthropic Claude models for analysis and summaries.
Run analysis through models on AWS Bedrock.
How it works
Register devices
Add your APIC controllers, FMC, NDO, Palo Alto firewalls, routers, and switches. SAMURAI auto-detects the platform and applies the right command profile.
Background sync
Background workers fetch configs, routes, MAC/ARP tables, neighbors, and policies from every device. Endpoints are correlated automatically.
Query, trace, monitor
Search the entire endpoint table. Trace traffic paths. Browse configs. View topology maps. Compare snapshots side by side.
Alert on drift
Real-data change detection captures meaningful diffs. Telegram and email alerts notify you of configuration drift. Export data for compliance audits.
One docker run command. That's the entire install.
Self-hosted. No cloud dependency. No agents to deploy. Fits on a single VM. Five minutes from zero to full visibility.