diff --git a/rules/linux/lnx_schedule_task_job_cron.yml b/rules/linux/lnx_schedule_task_job_cron.yml
index dc37f2270..3c0acd950 100644
--- a/rules/linux/lnx_schedule_task_job_cron.yml
+++ b/rules/linux/lnx_schedule_task_job_cron.yml
@@ -12,7 +12,7 @@ logsource:
 detection:
 selection:
 ProcessName|endswith:
- - 'crontab'
+ - '/crontab'
 CommandLine|contains:
 - '/tmp/'
 condition: selection
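Review bot: The new `'/crontab'` suffix under `ProcessName|endswith` only matches when the log source records a full path, so events that carry a bare `crontab` process name would stop matching after this change. The `logsource` section is outside this hunk, so whether basename-only values can occur depends on a field mapping that is not visible here. If they can, keep the stricter suffix match but add an exact-match selection beside it, as sketched below. If they cannot, a comment on the value stating the assumption is enough, e.g. `# requires ProcessName to hold an absolute path`.

```yaml
detection:
    selection_path:
        ProcessName|endswith: '/crontab'
    selection_bare:
        # exact match covers sources that log only the basename
        ProcessName: 'crontab'
    selection_cmd:
        CommandLine|contains:
            - '/tmp/'
    condition: (selection_path or selection_bare) and selection_cmd
```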