Please refer with your answers with q1/q2/q3, questions are broad but I wanna clear answers. But ofc feel free to not follow that recommendation
My knowledge of how Auditor works based on https://attestation.app/about , https://attestation.app/tutorial & https://github.com/GrapheneOS/Auditor/issues/24 .
I assume anyone who will answer my questions know information listed at links above or know more then described under links above.
So my questions:
Q1:
QR-code which generated on attestation.app and need to be scanned by Auditor contains auditor host name and config with probably id/route for audit reports. If I deploy my own attestation app instance and replace host for generating QR-codes will Auditor report to specified host instead of attestation.app?
Q2:
Does Auditor purposes include intrusion detection? I mean is a case when device get compromised in list of issues whose Auditor try to cover in order to help users? If this is not a case, then Q3 and Q4 have no sense.
Q3:
Maybe there is a way to LOWERING 'Permitted delay until alerts (hours)'? I mean set it to lower value then 32 hours. Better to know that device was compromised after 10-12h of missing reports then after 32h.
Q4:
Let say my device was compromised in attestation time window: for example last one attestation was 18:00, second one scheduled on 20:00 and device get compromised at 19:00. Will Auditor help here until 20:00? And if yes, so, how exactly?