How often does VeilScan scan on paid plans?

The Starter and Core plans include monthly scheduled scans. The Pro plan includes weekly scheduled scans. All paid plans also include manual on-demand scan quotas. Scans run automatically — no configuration needed after the initial setup.

What is a delta report?

A delta report is produced by each scheduled rescan and highlights only what changed since the previous scan: new findings that were not present before, findings that have been fixed and are no longer detectable, and changes in the overall Business Impact Score. Delta reports make it easy to track remediation progress and catch regressions without reviewing the full finding list from scratch.

How quickly does VeilScan alert on new critical findings?

When a new Critical or High finding is detected during any scan, VeilScan sends a Slack alert immediately — before the full report is ready. This means your team is notified within minutes of a new serious finding, rather than waiting for the full scan report to arrive.

Feature

Continuous Monitoring: Catch New Vulnerabilities as They Appear

Quick Answer: VeilScan paid plans automatically rescan your verified domains on a weekly or monthly schedule. Each rescan runs the full pipeline and produces a delta report highlighting new findings and fixed findings since the last scan. Slack alerts notify your team immediately when a new Critical or High finding is detected — before the full report is complete.

Why does a point-in-time scan leave you exposed?

A one-off vulnerability scan tells you your security posture on the day of the scan. Every deployment, infrastructure change, or configuration update after that scan potentially introduces new vulnerabilities. If you scan once a year, you have 364 days of unmonitored exposure.

Continuous monitoring runs the scan pipeline repeatedly on a schedule. New vulnerabilities introduced by code deployments, misconfigurations, or newly discovered CVEs against software you run are detected in the next scheduled scan — not discovered months later or during a breach investigation.

How does scheduled scanning work?

After your domain is verified and the Rules of Engagement is signed, scheduled scans run automatically on the cadence for your plan:

Starter — monthly scans of 1 domain
Core — monthly scans of up to 5 domains
Pro — weekly scans of up to 20 domains

No additional configuration is required. Each scheduled scan runs the full pipeline — asset discovery, vulnerability detection, proof verification, attack path analysis, and Business Impact Scoring — and deposits results in your dashboard. You receive an email notification when each scan completes.

What does a delta report show?

Each rescan produces a delta report alongside the full current report. The delta highlights:

New findings — vulnerabilities detected in this scan that were not present in the previous scan. These represent regressions or newly introduced exposure.
Fixed findings — vulnerabilities that were present in the previous scan but are no longer detectable. These confirm that remediation was successful.
Overdue findings — findings from previous scans that have not been remediated within the expected timeframe for their severity.
Business Impact Score change — the overall BIS compared to the previous scan, showing whether the security posture has improved or degraded.

Delta reports are the primary tool for tracking security improvement over time and for demonstrating continuous vulnerability management to auditors.

How do Slack alerts complement scheduled scanning?

Scheduled scans run on a cadence — weekly or monthly. But some vulnerabilities warrant immediate attention. When a new Critical or High finding is detected during any scan (scheduled or manual), VeilScan sends a Slack alert immediately, before the full report is complete. This means your team knows about serious new exposures within minutes, regardless of when the scan runs.

See: Slack Alerts feature · What is Continuous Monitoring? · VeilScan Between Penetration Tests

What are the most common questions?

Can I trigger a scan manually outside the schedule?

Yes. All paid plans include monthly manual on-demand scan quotas. You can trigger a scan from your dashboard at any time within your quota. This is useful after a major deployment or infrastructure change when you want immediate feedback rather than waiting for the next scheduled scan.

What happens to historical scan data?

All scan results are stored securely in AWS eu-west-2 (London) for the duration of your account. You can access any previous scan report from your dashboard. Delta reports compare to the most recent previous scan, but you can also compare any two scans manually. If you cancel your subscription, scan data is retained in read-only mode.

Is continuous monitoring available on the free plan?

The free plan includes one lifetime scan per domain. Continuous scheduled monitoring requires a paid plan. See all plans for scan cadence and domain limits.

Start monitoring continuously. Paid plans start at £49/month with monthly scanning and full finding visibility. View plans → · Back to all features