Live Rescan

Use Live Rescan to determine whether a previously-observed service is still present on a host port. Live Rescan provides you with the ability to update and validate internet intelligence by scanning individual services or endpoints, without waiting for the next scheduled Censys scan. A rescan shows the most current view of a host port and helps you identify persistent threats, find newly surfaced malicious infrastructure, and validate remediation workflows.

Live Rescan is available to users on the Core and Enterprise plans. It can be used with tools from the Threat Hunting Module to enhance threat investigations.

Live Rescan can be executed on any service or endpoint on a host.

Censys enforces global host rate limits to prevent overloading hosts during scans.

Follow the steps below to use Live Rescan.

1. Identify the service or endpoint on a host that you want to rescan.

2. Click the Live Rescan button. A message indicating the scan is in progress will appear in the bottom-right. The scan may take a few minutes to complete.

   

3. After the scan completes, a message will appear in the rescan box. Click View difference in results to see what changed after the rescan.

   

4. You are redirected to the Event History tab. In the example below, 97 changes were found between the original data and the data obtained from a rescan.

   

   The rescan comparison view displays a side-by-side snapshot of the service's previous and current state and details the data that changed between scans. The left table shows the older scan. If the new scan did not detect a service on the target port, then the right table in the diff chart will be empty.