diff --git a/doc/expansion/cytomic_orion.py b/doc/expansion/cytomic_orion.py
new file mode 100644
index 00000000..6f87657c
--- /dev/null
+++ b/doc/expansion/cytomic_orion.py
@@ -0,0 +1,9 @@
+{
+ "description": "An expansion module to enrich attributes in MISP by quering the Cytomic Orion API",
+ "logo": "logos/cytomic_orion.png",
+ "requirements": ["Access (license) to Cytomic Orion"],
+ "input": "MD5, hash of the sample / malware to search for.",
+ "output": "MISP objects with sightings of the hash in Cytomic Orion. Includes files and machines.",
+ "references": ["https://www.vanimpe.eu/2020/03/10/integrating-misp-and-cytomic-orion/", "https://www.cytomicmodel.com/solutions/"],
+ "features": "This module takes an MD5 hash and searches for occurrences of this hash in the Cytomic Orion database. Returns observed files and machines."
+}
diff --git a/doc/logos/cytomic_orion.png b/doc/logos/cytomic_orion.png
new file mode 100644
index 00000000..45704e92
Binary files /dev/null and b/doc/logos/cytomic_orion.png differ