diff --git a/_config.yml b/_config.yml
index 28ba52b7d..ce1c45574 100644
--- a/_config.yml
+++ b/_config.yml
@@ -10,7 +10,7 @@ anomaly_detection_docs_uri: docs/anomaly-detection.html
 api_docs_uri: docs/api.html
 arkime_docs_uri: docs/arkime.html
 components_docs_uri: docs/components.html
-configuring_docs_uri: docs/malcolm-config.html
+configuring_docs_uri: docs/malcolm-preparation.html
 contributing_docs_uri: docs/contributing-guide.html
 dashboards_docs_uri: docs/dashboards.html
 hardening_docs_uri: docs/hardening.html
diff --git a/docs/running.md b/docs/running.md
index 7c66f422c..aa04241df 100644
--- a/docs/running.md
+++ b/docs/running.md
@@ -1,5 +1,18 @@
 ## <a name="Running"></a>Running Malcolm
 
+* [Running Malcolm](#Running)
+    * [OpenSearch instances](opensearch-instances.md#OpenSearchInstance)
+        * [Authentication and authorization for remote OpenSearch clusters](opensearch-instances.md#OpenSearchAuth)
+    * [Configure authentication](authsetup.md#AuthSetup)
+        * [Local account management](authsetup.md#AuthBasicAccountManagement)
+        * [Lightweight Directory Access Protocol (LDAP) authentication](authsetup.md#AuthLDAP)
+            - [LDAP connection security](authsetup.md#AuthLDAPSecurity)
+    * [TLS certificates](authsetup.md#TLSCerts)
+    * [Starting Malcolm](#Starting)
+    * [Stopping and restarting Malcolm](#StopAndRestart)
+    * [Clearing Malcolm's data](#Wipe)
+    * [Temporary read-only interface](#ReadOnlyUI)
+
 ### <a name="Starting"></a>Starting Malcolm
 
 [Docker compose](https://docs.docker.com/compose/) is used to coordinate running the Docker containers. To start Malcolm, navigate to the directory containing `docker-compose.yml` and run:
diff --git a/docs/upload.md b/docs/upload.md
index e142deb72..c2310b58e 100644
--- a/docs/upload.md
+++ b/docs/upload.md
@@ -1,5 +1,9 @@
 ## <a name="Upload"></a>Capture file and log archive upload
 
+* [Capture file and log archive upload](#Upload)
+    - [Tagging](#Tagging)
+    - [Processing uploaded PCAPs with Zeek and Suricata](#UploadPCAPProcessors)
+
 Malcolm serves a web browser-based upload form for uploading PCAP files and Zeek logs at [https://localhost/upload/](https://localhost/upload/) if you are connecting locally.
 
 ![Capture File and Log Archive Upload](./images/screenshots/malcolm_upload.png)