diff --git a/rules/linux/auditd/lnx_auditd_masquerading_crond.yml b/rules/linux/auditd/lnx_auditd_masquerading_crond.yml
index 3306a3ac6..8e0e6012e 100644
--- a/rules/linux/auditd/lnx_auditd_masquerading_crond.yml
+++ b/rules/linux/auditd/lnx_auditd_masquerading_crond.yml
@@ -2,6 +2,7 @@ title: Masquerading as Linux crond process
 status: experimental
 description: Masquerading occurs when the name or location of an executable, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. Several different variations of this technique have been observed.
 author: Timur Zinniatullin, oscd.community
+date: 2019/10/21
 references:
     - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.yaml
 logsource: