BLOG ◆ SEP 18, 2021

What You Need to Know About Our ASM On-Demand Remediation Validation

Attack Surface Management
A digital illustration of a server or data storage device with connected lines on a dark background.

With new revelations like the Confluence code execution vulnerability, we are reminded how important immediate and accurate information about infrastructure is to security practitioners. Out-of-date software and exposed internal services are unfortunately common and can result in data loss and security breaches when vulnerabilities are uncovered.

On-Demand Remediation Validation

Now in the Censys ASM Platform, security practitioners can check for the presence of a vulnerability and validate any remediation that has taken place, all within the platform. Using our On-Demand Remediation Validation, customers now have the ability to re-scan their own infrastructure for known services once a remediation has been implemented. In the case of the new Confluence vulnerability, a risk will appear at the top of the page indicating remediation should take place for any host running a vulnerable version of Confluence software.

on-demand-remediation-validation.png
Above we have a host with a few issues: an instance of the “Vulnerable Confluence Service” risk, along with multiple ports exposing an end-of-life version of Nginx.

After the service has been upgraded or removed from public access, simply click the “Refresh Known Services” button on the page for that host. In the background, we initiate a low-impact scan of services already present on that host. This scan can detect changes in risks and software; services that are not publicly accessible will no longer be visible in the platform.

scanned-host.png
The host is being scanned and updated using the same pipeline we provide for asset discovery and updating.

Once the “Refresh Known Services” is complete, the host page will reflect removed services and risks, along with any updated software. Most service refreshes will finish in less than 1 minute and will include any of the names we find associated with the host.

removed-services-and-risks.png
The previously exposed Confluence instance is no longer online and Nginx has been updated to a current supported version.

Practitioners First

With On-Demand Remediation Validation, security practitioners can now get instant feedback and no longer need to wait until our next scan cycle for changes to be picked up. This enables practitioners to instantly validate that an issue has been resolved and that a risk is no longer present in the organization’s attack surface. If required by compliance or other mandates, they may also collect evidence from the ASM platform that the issue has been resolved and use this to close any internal tracking or ticket.

AUTHOR
The Censys Team
Back to resource hub
Related Content
View all
A bar chart with a star icon in the center on a light blue background.
Blog
NetSupport Manager: Tracking Dual-Use Remote Administration Infrastructure
Censys ARC logo
Blog
Censys Unveils Censys ARC, Formalizing Its Global Internet Threat Research Team
A digital illustration of a server or data storage device with connected lines on a dark background.
Blog
Hunting Cameras in the Dark: Finding Internet Cameras Before Adversaries Do

US: +1-888-985-5547

Intl: +1-877-438-9159

connect@censys.com

Subscribe to our newsletter

Subscribe to our newsletter

Copyright © 2026 Censys  |  Data Retention Policy  |  Terms & Conditions  |  Privacy Policy