The platform

Six primitives.
One unified surface.

Every capability is built around the same data model: devices, endpoints, paths, policies, changes, and snapshots — queryable through one API.

Discovery

See every endpoint, even the ones nobody told you about

SAMURAI correlates MAC, IP, ARP, DHCP snooping, CDP/LLDP neighbors, 802.1X sessions, and APIC fabric hosts — across every switch, router, and controller — into one unified endpoint table with OUI vendor lookup.

  • Field-scoped search with subnet matching
  • Multi-source correlation (MAC, ARP, DHCP, CDP/LLDP, 802.1X, APIC)
  • OUI vendor identification from 39K-entry IEEE database
  • Background sync keeps data fresh without live queries
Scroll to explore · 1/8
Overview
samurai / overview
SAMURAI
dc1-production
Overview
dc1-production · all systems operational
24
Total
22
Online
1
Warning
1
Offline
Cisco APIC2
2/2 online2,841 eps
apic-fab-01.dc1apic-fab-02.dc2
Firewall (FTD)3
3/3 online1,203 eps
ftd-edge-02ftd-edge-03ftd-dmz-01
Palo Alto2
1/2 online882 eps
pan-pa-5260pan-pa-3260
Router4
4/4 online412 eps
asr-core-r1asr-core-r2asr-edge-r1asr-edge-r2
Switch12
11/12 online8,146 eps
n9k-leaf-04n9k-spine-01cat-9300-15...
Cisco ISE1
1/1 online
ise-psn-01
Analysis

Trace any traffic path. Across any vendor. With ACL evaluation.

Enter a 5-tuple — source, destination, protocol, ports — and SAMURAI traces the packet hop by hop across routers, switches, and firewalls. Every ACL along the path is evaluated. Forward and reverse paths are traced automatically.

  • Forward + reverse path tracing
  • ACL evaluation with wildcard masks and port ranges
  • Works across IOS, NX-OS, IOS-XR, PAN-OS, and FTD
  • Visual diff between any two snapshots
samurai / path-trace
Source
10.10.3.100
Destination
10.20.5.42
Protocol
TCP/443
Trace
Forward path6 hops · 4.2msPERMITTED
1n9k-leaf-04Eth1/12 → Eth1/48L2 switchforward
2asr-core-r1Gi0/0/2 → Gi0/0/4L3 routedOSPF area 0
3ftd-edge-02TenGi1/3 → TenGi1/5FirewallACL: allow-web
4asr-edge-r2Gi0/1/1 → Gi0/1/3L3 routedBGP AS 65010
5pan-pa-5260ethernet1/3 → ethernet1/8Firewallrule: app-tier
6n9k-leaf-12Eth1/22L2 switchdelivered
Monitoring

Catch every meaningful change. Ignore the noise.

Every sync compares real device data against the previous snapshot — not audit logs. Volatile fields are filtered automatically. Only when something meaningful changes is a new snapshot stored.

  • Smart deduplication — no duplicate snapshots
  • Configurable snapshot history (default 168 per collection)
  • Side-by-side diff viewer for any two snapshots
  • Telegram alerts on configuration drift
samurai / changes / diff
asr-core-r1 · running_config
- 2026-05-26 14:30 UTC+ 2026-05-27 02:15 UTC
12 ip access-list extended OUTSIDE_IN
13 permit tcp any host 10.10.1.5 eq 22
14+ permit tcp any host 10.10.1.5 eq 443
15+ permit tcp any host 10.10.1.5 eq 8443
16- permit tcp any host 10.10.1.5 eq 80
17 deny ip any any log
18 !
19+ip route 10.20.0.0 255.255.0.0 10.10.1.1
20-ip route 10.20.0.0 255.255.0.0 10.10.1.254
21 ip route 0.0.0.0 0.0.0.0 10.10.0.1

And dozens more tools for day-to-day ops

Discovery

Endpoint discovery & correlation

Correlate MAC, ARP, DHCP, CDP/LLDP, 802.1X, and APIC hosts into a unified endpoint inventory with OUI vendor lookup.

Traffic Sim

Hop-by-hop traffic simulation

Trace any 5-tuple packet path across routers, switches, and firewalls — with ACL evaluation at each hop.

Monitoring

Real-time change monitoring

Detects changes from real device data — not audit logs. Compares live snapshots to catch what audit trails miss.

Alerting

Telegram, email & in-app alerts

Instant notifications on config drift, sync failures, and state changes via Telegram, email, and the built-in alert dashboard.

Topology

Interactive network map

Drag-arrange topology with auto-discovered connections, device grouping, and color-coded health status.

Compliance

Automated compliance auditing

Run fleet-wide compliance checks with remediation tracking, waivers, and exportable reports per framework.

Export

Multi-format data export

Export any dataset as CSV, XLSX, HTML, or PDF with search filters applied — one click from any panel.

Access Control

RBAC with LDAP integration

Granular permission-based roles with LDAP group mapping, custom roles, and per-user scoping.

How it works

01

Register devices

Add your APIC controllers, FMC, NDO, Palo Alto firewalls, routers, and switches. SAMURAI auto-detects the platform and applies the right command profile.

02

Background sync

Background workers fetch configs, routes, MAC/ARP tables, neighbors, and policies from every device. Endpoints are correlated automatically.

03

Query, trace, monitor

Search 13k+ endpoints. Trace traffic paths. Browse configs. View topology maps. Compare snapshots side by side.

04

Alert on drift

Real-data change detection captures meaningful diffs. Telegram and email alerts notify you of configuration drift. Export data for compliance audits.

One docker compose command. That's the entire install.

Self-hosted. No cloud dependency. No agents to deploy. Fits on a single VM. Five minutes from zero to full visibility.

terminal — deploy