Pattern 23 : Crontab File Editing
Classification
| Rule Name | Rule Type | Common Event | Classification |
| Pattern 23 : Crontab File Editing | Base Rule | Object Read | Access Success |
| List Crontab Files | Sub Rule | Object Read | Access Success |
| Begin Editing Crontab File | Sub Rule | Object Modified | Access Success |
| End Editing Crontab File | Sub Rule | Object Modified | Access Success |
| Replace Crontab File | Sub Rule | Object Added | Access Success |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <login> | Text\String |
| N/A | <object> | Text\String |
| N/A | <tag1> | Text\String |