diff --git a/README.md b/README.md index 38aa1ff..6b191f6 100644 --- a/README.md +++ b/README.md @@ -2,14 +2,6 @@ Connect your mail client to [MISP](https://github.com/MISP/MISP) in order to create events based on the information contained within mails. -For the moment, the implemented workflow is: - -1. `Email -> Apple Mail -> Mail rule -> AppleScript -> python script -> PyMISP -> MISP` - -Thunderbird will be targeted soon. - - - ## Features - Extraction of URLs and IP addresses (and port numbers) from free text emails @@ -24,6 +16,30 @@ Thunderbird will be targeted soon. - Ignore 'whitelisted' domains (configurable) - Automatically create 'external analysis' links based on filter list (e.g. VirusTotal, malwr.com) +## Implementation + +For the moment, the implemented workflow is: + +1. `Email -> Apple Mail -> Mail rule -> AppleScript -> python script -> PyMISP -> MISP` + +Thunderbird will be targeted soon. + +## Installation + +### Apple Mail + +1. Mail rule script +- git clone this repository +- open the AppleScript file MUA/Apple/Mail/MISP Mail Rule Action.txt in Apple's 'Script Editor' +- adjust the path to the python installation and location of the mail_to_misp.py script +- save it in ~/Library/Application Scripts/com.apple.mail/ +2. Create a mail rule based on your needs, executing the AppleScript defined before +3. Configure mail_to_misp_config.py + +You should be able to create MISP events now. + + + ## Requirements mail_to_misp requires access to a MISP instance (via API).
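Review bot: In the first hunk (`@@ -2,14 +2,6 @@`), moving the workflow out of the introduction leaves the text before `## Features` without any statement that Apple Mail is the only client supported so far, so a reader reaches the feature list without knowing the current scope. Consider keeping a one-sentence mention of the supported client in the introduction and leaving the full pipeline in the new `## Implementation` section.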
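Review bot: In the second hunk, under `### Apple Mail`, the four `-` items after `1. Mail rule script` are not indented, so Markdown parses them as a separate top-level list rather than as sub-steps of step 1, and steps 2 and 3 no longer belong to the same ordered list; indent the sub-items under step 1. The paths `MUA/Apple/Mail/MISP Mail Rule Action.txt` and `~/Library/Application Scripts/com.apple.mail/` contain spaces and should be set in backticks, as the workflow line already is, together with `mail_to_misp.py` and `mail_to_misp_config.py`. Step 3 does not say which values in `mail_to_misp_config.py` have to be set; since the Requirements section states that API access to a MISP instance is needed, name the settings that hold the MISP URL and API credentials.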