diff --git a/docs/doxygen-user/ct_malware_scanner.dox b/docs/doxygen-user/ct_malware_scanner.dox new file mode 100644 index 0000000000000000000000000000000000000000..4d4939415656bc33ec8472349fccc1fd73d1646f --- /dev/null +++ b/docs/doxygen-user/ct_malware_scanner.dox @@ -0,0 +1,28 @@ +/*! \page ct_malware_scanner Cyber Triage Malware Scanner + +[TOC] + + +\section ct_malware_scanner_overview Overview + +The Malware Scanner Ingest Module uses Cyber Triage Cloud to identify if any executables in a data source are malware based on the executable's md5 hash. + +\section ct_malware_scanner_config Configuration + +Before using the Malware Scanner Ingest Module, you must register a Cyber Triage Cloud License. A license number can be added by selecting the 'Options' menu item from the 'Tools' menu, going to the 'Cyber Triage' tab, and then clicking 'Add License'. + +\image html ct_malware_scanner_options_panel.png + +The user will then be presented with a dialog to enter your license number. Enter your license number and then press 'OK'. If your license number is validated, you will be presented with the Cyber Triage End User License Agreement. The window may take a moment to load. + +\image html ct_malware_license_agreement.png + +Read through the license agreement, and press 'Accept'. At that point, your options panel should load with information pertaining to remaining lookups. + +\image html ct_upload_file.png + +\section ct_upload_executable Uploading Executable + +In the screenshot above, there is the option “Upload executable if executable is unknown.” In the event that an executable has not previously been seen by Cyber Triage Cloud, this option provides the ability to upload the executable for scanning. This option may cause increased processing time in order to upload the file and wait for scanning to complete. + +*/ 
diff --git a/docs/doxygen-user/images/ct_malware_license_agreement.png b/docs/doxygen-user/images/ct_malware_license_agreement.png new file mode 100644 index 0000000000000000000000000000000000000000..030a722e469c6ba1964a40fb9b5c3efcc99d11ce Binary files /dev/null and b/docs/doxygen-user/images/ct_malware_license_agreement.png differ diff --git a/docs/doxygen-user/images/ct_malware_scanner_options_panel.png b/docs/doxygen-user/images/ct_malware_scanner_options_panel.png new file mode 100644 index 0000000000000000000000000000000000000000..1f45693d138a12a838aba40ab18a31f65c5f6d82 Binary files /dev/null and b/docs/doxygen-user/images/ct_malware_scanner_options_panel.png differ diff --git a/docs/doxygen-user/images/ct_upload_file.png b/docs/doxygen-user/images/ct_upload_file.png new file mode 100644 index 0000000000000000000000000000000000000000..38c595330d609bcf6ade1072a90a3e63f2eedc52 Binary files /dev/null and b/docs/doxygen-user/images/ct_upload_file.png differ diff --git a/docs/doxygen-user/main.dox b/docs/doxygen-user/main.dox index a31367ff6cd2d9ac6822ca2ff2ec2d040f32dccb..61f42084a7996fb664cf85554f0611d4c6290c72 100644 --- a/docs/doxygen-user/main.dox +++ b/docs/doxygen-user/main.dox @@ -58,6 +58,7 @@ The following topics are available here: - \subpage ileapp_page - \subpage aleapp_page - \subpage yara_page + - \subpage ct_malware_scanner - Reviewing the Results - \subpage uilayout_page
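Review bot: In docs/doxygen-user/ct_malware_scanner.dox, the ct_upload_executable section never states that enabling "Upload executable if executable is unknown" sends the file itself from the data source to Cyber Triage Cloud, while the overview describes identification as based on the executable's md5 hash. Please say whether the option is on or off by default and spell out what leaves the examiner's machine in each mode, so users handling sensitive evidence can decide before running ingest. Smaller points in the same hunk: "In the screenshot above" is separated from "\image html ct_upload_file.png" by the section heading, so consider moving that image under ct_upload_executable; "The user will then be presented with a dialog to enter your license number" mixes third and second person; and "md5" should be written "MD5".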
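Review bot: In the docs/doxygen-user/main.dox hunk, the new entry "\subpage ct_malware_scanner" breaks the naming pattern of its neighbours (ileapp_page, aleapp_page, yara_page), which all end in _page. Consider naming the page ct_malware_scanner_page in both the "\page" declaration in ct_malware_scanner.dox and this "\subpage" line, so the two stay in sync and the page identifier does not double as the prefix of its own section names (ct_malware_scanner_overview, ct_malware_scanner_config).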