CT-Ops
Host Overview
How to use the CT-Ops host Overview area to get a fast operational read on one host.
The Overview area is the first place to look after opening a host. It answers the basic operator question: “Is this machine healthy, identifiable, and safe enough to leave alone?”
Resource cards
The CPU, memory, and root-disk cards show the latest utilisation reported by the agent. Each card has a large percentage, a short capacity summary, and a progress bar.
| Card | Fields | Important behavior |
|---|---|---|
| CPU Usage | Current CPU percentage and CPU capacity summary. | Values above 70% turn amber; values above 90% turn red. |
| Memory Usage | Current memory percentage and memory-capacity summary. | Values above 70% turn amber; values above 90% turn red. |
| Disk Usage (root) | Current root or primary disk percentage and disk-capacity summary. | Values above 70% turn amber; values above 90% turn red. |
Use these cards to decide whether to open Monitoring -> Metrics for trend analysis, Infrastructure -> Storage for disk detail, or Tools -> Tasks for a controlled remediation task.
Vulnerability assessment
The vulnerability assessment card shows the host’s current vulnerability posture from CT-CVE-backed package matching.
| Field | Meaning |
|---|---|
| Status badge | Affected, Clear, Stale, or Not assessed. |
| Reason | Short explanation of why CT-Ops chose that status. |
| Confirmed findings | Number of open confirmed vulnerability findings for the host. |
| Critical / High | Count of critical and high-severity findings. |
| Last inventory scan | Last software inventory scan used for package matching. |
| Last CT-CVE import | Last vulnerability import used for assessment. |
| View findings | Opens Inventory -> Vulnerabilities for the host. |
Open Inventory -> Vulnerabilities when the card indicates risk or when you need the package, CVE, severity, and remediation detail behind the summary.
Treat Stale and Not assessed differently from Clear. They mean CT-Ops does not have fresh enough evidence to make a confident vulnerability statement.
Detected apps
When CT-Ops has identified applications on the host, the Detected apps card shows app icons for the first discovered apps. It is a quick way to connect a host to the products or services it appears to support before opening deeper inventory or container views.
Use it during triage to confirm that you are looking at the expected application host, especially when display names and hostnames are generic.
Potential savings
When the host appears in the potential-savings report, the Overview page shows a Potential savings available card. It can show:
| Field | Meaning |
|---|---|
| CPU recommendation | Current CPU allocation and recommended lower allocation. |
| Memory recommendation | Current memory allocation and recommended lower allocation. |
| Monthly savings | Estimated monthly saving in GBP. |
| View report | Opens the full potential-savings report. |
Use this card for capacity and cost review, not incident response. Validate the recommendation against workload requirements before reducing resources.
Docker runtime
The Docker Runtime card shows whether Docker is available on the host and whether the agent can inspect it.
| Field | Meaning |
|---|---|
| Status badge | Installed, Not installed, Permission denied, Unreachable, Error, or Unknown. |
| Last checked | When the agent last checked Docker runtime status. |
| Runtime | Docker runtime version when reported. |
| API | Docker API version when reported. |
| Diagnostic | Sanitised agent diagnostic when Docker cannot be queried cleanly. |
Use this card before relying on the Containers area. If Docker should be available but the card says Permission denied or Unreachable, fix agent access or Docker availability before investigating container inventory.
System information
System information identifies the host.
| Field | Meaning |
|---|---|
| Hostname | Hostname reported by the agent. |
| Operating System | OS family reported by the agent. |
| OS Version | OS version string reported by the agent. |
| Architecture | CPU architecture, such as amd64 or arm64. |
| Uptime | Agent-reported host uptime, formatted as days, hours, and minutes. |
| IP Addresses | IP addresses currently associated with the host. |
Use it during incident response to avoid running tasks against the wrong host, and during onboarding to confirm that agent registration produced the expected inventory record.
Agent information
The Agent panel shows the CT-Ops agent state for the host.
| Field | Meaning |
|---|---|
| Status | Agent status badge. |
| Version | Agent version. CT-Ops adds Update available when the latest known agent version is newer. |
| Agent ID | Agent identifier associated with the host. |
| Last Heartbeat | Last heartbeat received from the agent. |
| Registered | When the host record was created. |
Use this panel when telemetry is missing, terminal access is not behaving as expected, or the host is not reporting features that depend on newer agent capabilities.
Pinned notes
Pinned notes surface important operational context directly on the Overview page. They are useful for maintenance warnings, ownership notes, known exceptions, and “do not touch without approval” guidance.
Use Activity -> Notes to create, update, pin, or unpin host notes.