CT-Ops

CT-Ops Overview

Self-hosted monitoring and operations for infrastructure teams that need control.

CT-Ops is an open-source monitoring and operations platform designed to run on your own infrastructure. It is built for teams that need visibility without SaaS dependencies, telemetry, licence servers, or hidden data movement.

What it covers

  • Agent-based host monitoring over gRPC and mTLS.
  • Real-time CPU, memory, disk, and network metrics.
  • Checks, alerts, silences, and notification routing.
  • Certificate lifecycle tracking.
  • Domain and local service account impact modelling.
  • Network inventory and topology views.
  • Daily stand-up boards with engineer actions through DSUM.
  • CT-Vault integration for operational password and secret access.
  • Host groups, tagging, and instance-scoped RBAC.
  • Air-gap agent bundles for restricted environments.

Overview dashboard

The CT-Ops Overview page separates customer-actionable risk from background exposure. The CVE Vulnerability Posture dial continues to show all open confirmed CVE exposure by severity, so teams can see their full estate picture. The Overall Risk Posture score uses only vulnerability findings where a fixed version is known, alongside alerts, certificates, service accounts, and agent health.

The ellipsis menu in the Overall Risk Posture card opens two default-off filters:

  • Ignore vulnerabilities with no fix removes CVEs that do not currently have a known fixed version from the Overview risk stats.
  • Ignore vulnerabilities that require Ubuntu Pro removes CVEs whose fix is marked as requiring Ubuntu Pro or an Ubuntu ESM channel.

Use these filters when the dashboard needs to reflect the remediation scope that matters for the current operator or customer policy.

The same remediation-scope controls are available from the ellipsis menu on Reports -> Vulnerabilities. They are default-off there too, and when enabled they remove matching CVEs from the report summary, risk posture, affected network counts, and findings table.

The top-row metrics keep alert navigation focused on Active alerts, which opens the Alerts page for currently firing and acknowledged alert instances.

Critical and high CVEs that do not yet have a known fixed version are still shown as vulnerability exposure and in the Risk Posture detail view as Awaiting vendor fix, but they do not pin the score at 100. This lets customers improve the score by fixing issues they can act on while still keeping unfixed vendor exposure visible for review and exception tracking.

Engineers tab

The Engineers tab gives each engineer a quieter operational view. Summary tiles show current operational events, incidents created from those events, and Project ToDo tasks assigned to the engineer.

The detailed lists sit behind closed-by-default expanders:

  • Operational Events shows the active events that may need incidents.
  • Project ToDo’s shows open ToDo project tasks assigned to the engineer.

Each expander displays its item count in the header so engineers can scan their load without opening every section.

The top-right Search control opens the CT-Ops-wide search modal. Operators can also open it with Cmd+K on macOS or Ctrl+K on Windows and Linux.

Search starts after at least two characters are entered. Results are grouped into tabs so operators can jump directly to the matching area without leaving the modal first:

  • Hosts
  • CVE
  • Service Accounts
  • Certificates
  • Project ToDo’s
  • Future Calendar events
  • ITIL Incidents
  • ITIL Services
  • ITIL CMDB

Future calendar results include the next matching occurrence from recurring Operations Calendar series, even when the original series start date is already in the past.

Each tab shows the matching records for that category. Selecting a result opens the relevant CT-Ops page or detail view, such as a host, service account, certificate, service, CMDB item, ToDo project, or the relevant operations list.

Incidents can also carry an external ticket reference, such as a ServiceNow ticket number and optional link, when the customer tracks service desk work in a separate system.

Deployment profiles

CT-Ops supports a single-host deployment for small estates and Redpanda-backed profiles for production and high-availability environments.