External scans should report if there were any changes between scans.
Example: IP x.x.x.x had no ports open during a scan, then on the next scan it shows port 443 open (or whatever port).
This should be something we can be alerted on and see in a change report.
This would help reduce (and also verify) external risks.
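
One way such a change report could be computed, as an added example that is not part of the original request or of any product's code. It assumes each scan is saved as nmap grepable (`-oG`) output, since the request names no scanner; the sample scans and the function names are constructed for illustration.

```python
import re

# Constructed sample scans in nmap grepable (-oG) format (documentation addresses).
PREVIOUS_SCAN = """\
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 443/closed/tcp//https///
Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///
"""
CURRENT_SCAN = """\
Host: 192.0.2.10 ()\tPorts: 443/open/tcp//https///
Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///
Host: 192.0.2.30 ()\tPorts: 3389/open/tcp//ms-wbt-server///
"""

HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)$")

def open_ports(grepable):
    """Return {host: {(port, proto), ...}} for ports in state 'open'."""
    result = {}
    for line in grepable.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue  # status lines and comments carry no port data
        host, ports_field = m.groups()
        ports_field = ports_field.split("\t")[0]  # drop trailing tab-separated fields
        found = result.setdefault(host, set())
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(parts) >= 3 and parts[1] == "open":
                found.add((int(parts[0]), parts[2]))
    return result

def diff_scans(previous, current):
    """Return (opened, closed) lists of (host, port, proto) between two scans."""
    opened, closed = [], []
    for host in sorted(set(previous) | set(current)):
        before, after = previous.get(host, set()), current.get(host, set())
        opened += [(host, p, proto) for p, proto in sorted(after - before)]
        closed += [(host, p, proto) for p, proto in sorted(before - after)]
    return opened, closed

def change_report(previous_text, current_text):
    """Render the diff as alert-ready lines; an empty list means no change."""
    opened, closed = diff_scans(open_ports(previous_text), open_ports(current_text))
    lines = [f"NEW OPEN  {h} {p}/{proto}" for h, p, proto in opened]
    return lines + [f"CLOSED    {h} {p}/{proto}" for h, p, proto in closed]

if __name__ == "__main__":
    print("\n".join(change_report(PREVIOUS_SCAN, CURRENT_SCAN)) or "no changes")
```

A host that appears for the first time is reported through its open ports, and a host that stops responding shows up as all of its previously open ports closing.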