legitimate use of crontab

source: <a href=https://github.com/SigmaHQ/sigma/blob/master/rules/linux/process_creation/proc_creation_lnx_crontab_enumeration.yml>sigma
technicques: t1007

Techniques

Detects usage of crontab to list the tasks of the user

condition: selection
selection:
  CommandLine|contains: ' -l'
  Image|endswith: /crontab