The platform

Six primitives.
One unified surface.

Every capability is built around the same data model: devices, endpoints, paths, policies, changes, and snapshots, queryable through one API.

Discovery

See every endpoint, even the ones nobody told you about

SAMURAI correlates MAC, IP, ARP, DHCP snooping, CDP/LLDP neighbors, 802.1X sessions, and APIC fabric hosts across every switch, router, and controller into one unified endpoint table with OUI vendor lookup.

  • Field-scoped search with subnet matching
  • Multi-source correlation (MAC, ARP, DHCP, CDP/LLDP, 802.1X, APIC)
  • OUI vendor identification from 39K-entry IEEE database
  • Background sync keeps data fresh without live queries
Scroll to explore · 1/8
Overview
samurai / overview
SAMURAI
dc1-production
Overview
dc1-production · all systems operational
24
Total
22
Online
1
Warning
1
Offline
Cisco APIC2
2/2 online2,841 eps
apic-fab-01.dc1apic-fab-02.dc2
Firewall (FTD)3
3/3 online1,203 eps
ftd-edge-02ftd-edge-03ftd-dmz-01
Palo Alto2
1/2 online882 eps
pan-pa-5260pan-pa-3260
Router4
4/4 online412 eps
asr-core-r1asr-core-r2asr-edge-r1asr-edge-r2
Switch12
11/12 online8,146 eps
n9k-leaf-04n9k-spine-01cat-9300-15...
Cisco ISE1
1/1 online
ise-psn-01
Analysis

Trace any traffic path. Across any vendor. With ACL evaluation.

Enter a 5-tuple (source, destination, protocol, ports) and SAMURAI traces the packet hop by hop across routers, switches, and firewalls. Every ACL along the path is evaluated. Forward and reverse paths are traced automatically.

  • Forward + reverse path tracing
  • ACL evaluation with wildcard masks and port ranges
  • Works across IOS, NX-OS, IOS-XR, PAN-OS, and FTD
  • Visual diff between any two snapshots
samurai / path-trace
Source
10.10.3.100
Destination
10.20.5.42
Protocol
TCP/443
Trace
Forward path6 hops · 4.2msPERMITTED
1n9k-leaf-04Eth1/12 → Eth1/48L2 switchforward
2asr-core-r1Gi0/0/2 → Gi0/0/4L3 routedOSPF area 0
3ftd-edge-02TenGi1/3 → TenGi1/5FirewallACL: allow-web
4asr-edge-r2Gi0/1/1 → Gi0/1/3L3 routedBGP AS 65010
5pan-pa-5260ethernet1/3 → ethernet1/8Firewallrule: app-tier
6n9k-leaf-12Eth1/22L2 switchdelivered
Monitoring

Catch every meaningful change. Ignore the noise.

Every sync compares real device data against the previous snapshot, not audit logs. Volatile fields are filtered automatically. Only when something meaningful changes is a new snapshot stored.

  • Smart deduplication, no duplicate snapshots
  • Configurable snapshot history (default 168 per collection)
  • Side-by-side diff viewer for any two snapshots
  • Telegram alerts on configuration drift
samurai / changes / diff
asr-core-r1 · running_config
- 2026-05-26 14:30 UTC+ 2026-05-27 02:15 UTC
12 ip access-list extended OUTSIDE_IN
13 permit tcp any host 10.10.1.5 eq 22
14+ permit tcp any host 10.10.1.5 eq 443
15+ permit tcp any host 10.10.1.5 eq 8443
16- permit tcp any host 10.10.1.5 eq 80
17 deny ip any any log
18 !
19+ip route 10.20.0.0 255.255.0.0 10.10.1.1
20-ip route 10.20.0.0 255.255.0.0 10.10.1.254
21 ip route 0.0.0.0 0.0.0.0 10.10.0.1

And dozens more tools for day-to-day ops

Discovery

Endpoint discovery & correlation

Correlate MAC, ARP, DHCP, CDP/LLDP, 802.1X, and APIC hosts into a unified endpoint inventory with OUI vendor lookup.

Traffic Sim

Hop-by-hop traffic simulation

Trace any 5-tuple packet path across routers, switches, and firewalls, with ACL evaluation at each hop.

Monitoring

Real-time change monitoring

Detects changes from real device data, not audit logs. Compares live snapshots to catch what audit trails miss.

Alerting

Telegram, email & in-app alerts

Instant notifications on config drift, sync failures, and state changes via Telegram, email, and the built-in alert dashboard.

Topology

Interactive network map

Drag-arrange topology with auto-discovered connections, device grouping, and color-coded health status.

Compliance

Automated compliance auditing

Run fleet-wide compliance checks with remediation tracking, waivers, and exportable reports per framework.

Export

Multi-format data export

Export any dataset as CSV, XLSX, HTML, or PDF with search filters applied. One click from any panel.

Access Control

RBAC with LDAP integration

Granular permission-based roles with LDAP group mapping, custom roles, and per-user scoping.

How it works

01

Register devices

Add your APIC controllers, FMC, NDO, Palo Alto firewalls, routers, and switches. SAMURAI auto-detects the platform and applies the right command profile.

02

Background sync

Background workers fetch configs, routes, MAC/ARP tables, neighbors, and policies from every device. Endpoints are correlated automatically.

03

Query, trace, monitor

Search the entire endpoint table. Trace traffic paths. Browse configs. View topology maps. Compare snapshots side by side.

04

Alert on drift

Real-data change detection captures meaningful diffs. Telegram and email alerts notify you of configuration drift. Export data for compliance audits.

One docker run command. That's the entire install.

Self-hosted. No cloud dependency. No agents to deploy. Fits on a single VM. Five minutes from zero to full visibility.

terminal · deploy