Table 9 Query delay of different complexity by OSQuery and THKG
From: A flexible approach for cyber threat hunting based on kernel audit records
| Â | Platform | Data size (MB) | Simple node query (ms) | Complex path query (ms) | Statistical summary (ms) |
|---|---|---|---|---|---|
OSQuery | Win_2 | 24,610 | 13 | 12,459 | 400,993 |
Linux_2 | 6435 | 237 | 6257 | 78,347 | |
BSD_2 | 3799 | 156 | 2708 | 39,238 | |
THKG | Win_2 | 24,610 | 15 | 11,031 | 361,092 |
Linux_2 | 6435 | 279 | 6000 | 73,413 | |
BSD_2 | 3799 | 170 | 2551 | 36,378 |