Runbooks (Automated Internal Processes)

Runbooks are Merlino’s internal automation processes. They execute repeatable operations that keep your workbook consistent, updated, and analysis-ready. Runbooks are designed to reduce manual effort and ensure that posture, intelligence, and testing workflows remain aligned as data evolves.

What runbooks are used for

• Refresh the global security posture
  Update core posture components and recalculate workbook views after data changes, imports, or methodology updates.
• Enable advanced CTI-driven statistics
  Run richer intelligence analysis by intersecting multiple cyber datasets to surface relationships, patterns, and priorities that are difficult to identify manually.
• Enrich tests and red team operations with CTI context
  Inject CTI insights into testing workflows, helping you connect observed techniques with likely adversary context and use that information to drive more realistic validation and operational planning.

How it works

1. Open the Runbooks panel.
2. Select one or more runbooks to execute.
3. Press Run to start the selected processes.
4. Merlino updates tables, calculations, and views depending on the chosen runbooks.

Examples of runbooks

• Update Core – updates core components such as techniques, data sources, tests, and catalogue content.
• Smart View – applies analysis to your selections and highlights techniques based on frequency and related context.
• Set All Picks False – resets selection flags across target tables to prepare for a clean analysis run.
• Include Picks in Catalogue – promotes selected items into the catalogue to support downstream workflows.

Best practices

• Run Update Core after importing new MITRE or source datasets to ensure all workbook views are consistent.
• Use runbooks to standardise repetitive steps across projects and customers, improving repeatability and delivery speed.
• Treat runbooks as part of the methodology: they exist to keep posture, intelligence, and validation connected end-to-end.

Evolution over time

Runbooks are updated and enriched continuously. New runbooks and enhancements are introduced periodically to support new data sources, improved CTI analytics, and tighter integration between intelligence, testing, and operational workflows.