Merlino

Merlino is not another security product. It is a methodology that lives above your security stack, orchestrating Cyber Threat Intelligence, Red Team, and Blue Team operations into a unified Purple Teaming workflow -- all inside Microsoft Excel.

Instead of replacing your tools, Merlino connects them. MITRE ATT&CK, Microsoft Sentinel, Defender, Intune, MITRE Caldera, MISP, Exploit-DB, and AI providers all feed into a single workbench where you follow a structured, repeatable methodology with high-speed productivity.

Key Capabilities:

- MITRE ATT&CK -- Import techniques, groups, campaigns, and software from Enterprise, Mobile, ICS, and Azure frameworks. Build threat profiles and visualize coverage with interactive heatmaps.

- Blue Team Coverage -- Measure detection coverage across Microsoft Sentinel, Defender for Office 365, and Intune. Identify gaps between your threat profile and your deployed defenses.

- Red Team Operations -- Connect to MITRE Caldera to manage agents, execute adversary emulation, and synchronize results back into Excel.

- AI-Powered Analysis -- Use OpenAI, Mistral, or Microsoft Copilot to generate threat assessments and contextual recommendations.

- Exploit Database -- Search and map 46,000+ exploits to MITRE ATT&CK techniques.

- IOC Management -- Push indicators of compromise to MISP and visualize entity relationships.

- Automated Reports -- Generate professional HTML threat intelligence reports from your analysis.

Who is Merlino for?

- SOC analysts measuring detection coverage

- Threat intelligence analysts building adversary profiles

- Red team operators planning engagements

- Security managers reporting on risk posture

Merlino works on Excel Desktop (Windows and Mac) and Excel on the web (Office 365).