diff --git a/Falco-Rules.md b/Falco-Rules.md index 9ee5b47..b498ef4 100644 --- a/Falco-Rules.md +++ b/Falco-Rules.md @@ -18,6 +18,7 @@ A Rule is a node containing the following keys: * _condition_: a filtering expression that is applied against events to see if they match the rule. * _desc_: a longer description of what the rule detects * _output_ and _priority_: The output format specifies the message that should be output if a matching event occurs, and follows the Sysdig [output format syntax](http://www.sysdig.org/wiki/sysdig-user-guide/#output-formatting). The priority is a case-insensitive representation of severity and should be one of "emergency", "alert", "critical", "error", "warning", "notice", "informational", or "debug". +* (optional) enabled: can be either `true` or `false`. If `enabled=false`, a rule will not be loaded nor will it be matched against any events. The default for `enabled` is `true`. ## Conditions
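Review bot: the new bullet in this hunk is formatted differently from the sibling keys it sits among. The existing list writes each key in italics (`* _condition_:`, `* _desc_:`, `* _output_ and _priority_:`), but the added line reads `* (optional) enabled:`; for consistency it should be `* _enabled_ (optional):`. In the same line, `enabled=false` uses assignment syntax rather than the YAML `key: value` form that the surrounding text describes ("A Rule is a node containing the following keys"), so "If `enabled: false`" would match how a user actually writes it in a rules file. Finally, "will not be loaded nor will it be matched" is worth tightening to "will not be loaded and will not be matched against any events", since a rule that is never loaded cannot be matched in the first place and the current phrasing reads as two separate behaviours.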