diff --git a/docs/Hook-Rules.md b/docs/Hook-Rules.md
index 52947aa..68b83d3 100644
--- a/docs/Hook-Rules.md
+++ b/docs/Hook-Rules.md
@@ -186,7 +186,39 @@ For the regex syntax, check out <http://golang.org/pkg/regexp/syntax/>
 }
 ```
 
-### 4. Match Whitelisted IP range
+### 4. Match payload-hash-sha256
+```json
+{
+  "match":
+  {
+    "type": "payload-hash-sha256",
+    "secret": "yoursecret",
+    "parameter":
+    {
+      "source": "header",
+      "name": "X-Signature"
+    }
+  }
+}
+```
+
+### 5. Match payload-hash-sha512
+```json
+{
+  "match":
+  {
+    "type": "payload-hash-sha512",
+    "secret": "yoursecret",
+    "parameter":
+    {
+      "source": "header",
+      "name": "X-Signature"
+    }
+  }
+}
+```
+
+### 6. Match Whitelisted IP range
 
 The IP can be IPv4- or IPv6-formatted, using [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_blocks).  To match a single IP address only, use `/32`.
 
@@ -200,7 +232,7 @@ The IP can be IPv4- or IPv6-formatted, using [CIDR notation](https://en.wikipedi
 }
 ```
 
-### 5. Match scalr-signature
+### 7. Match scalr-signature
 
 The trigger rule checks the scalr signature and also checks that the request was signed less than 5 minutes before it was received. 
 A unqiue signing key is generated for each webhook endpoint URL you register in Scalr.