CT-Ops

Host Overview

How to use the CT-Ops host Overview area to get a fast operational read on one host.

The Overview area is the first place to look after opening a host. It answers the basic operator question: “Is this machine healthy, identifiable, and safe enough to leave alone?”

Resource cards

The CPU, memory, and root-disk cards show the latest utilisation reported by the agent. Each card has a large percentage, a short capacity summary, and a progress bar.

CardFieldsImportant behavior
CPU UsageCurrent CPU percentage and CPU capacity summary.Values above 70% turn amber; values above 90% turn red.
Memory UsageCurrent memory percentage and memory-capacity summary.Values above 70% turn amber; values above 90% turn red.
Disk Usage (root)Current root or primary disk percentage and disk-capacity summary.Values above 70% turn amber; values above 90% turn red.

Use these cards to decide whether to open Monitoring -> Metrics for trend analysis, Infrastructure -> Storage for disk detail, or Tools -> Tasks for a controlled remediation task.

Vulnerability assessment

The vulnerability assessment card shows the host’s current vulnerability posture from CT-CVE-backed package matching.

FieldMeaning
Status badgeAffected, Clear, Stale, or Not assessed.
ReasonShort explanation of why CT-Ops chose that status.
Confirmed findingsNumber of open confirmed vulnerability findings for the host.
Critical / HighCount of critical and high-severity findings.
Last inventory scanLast software inventory scan used for package matching.
Last CT-CVE importLast vulnerability import used for assessment.
View findingsOpens Inventory -> Vulnerabilities for the host.

Open Inventory -> Vulnerabilities when the card indicates risk or when you need the package, CVE, severity, and remediation detail behind the summary.

Treat Stale and Not assessed differently from Clear. They mean CT-Ops does not have fresh enough evidence to make a confident vulnerability statement.

Detected apps

When CT-Ops has identified applications on the host, the Detected apps card shows app icons for the first discovered apps. It is a quick way to connect a host to the products or services it appears to support before opening deeper inventory or container views.

Use it during triage to confirm that you are looking at the expected application host, especially when display names and hostnames are generic.

Potential savings

When the host appears in the potential-savings report, the Overview page shows a Potential savings available card. It can show:

FieldMeaning
CPU recommendationCurrent CPU allocation and recommended lower allocation.
Memory recommendationCurrent memory allocation and recommended lower allocation.
Monthly savingsEstimated monthly saving in GBP.
View reportOpens the full potential-savings report.

Use this card for capacity and cost review, not incident response. Validate the recommendation against workload requirements before reducing resources.

Docker runtime

The Docker Runtime card shows whether Docker is available on the host and whether the agent can inspect it.

FieldMeaning
Status badgeInstalled, Not installed, Permission denied, Unreachable, Error, or Unknown.
Last checkedWhen the agent last checked Docker runtime status.
RuntimeDocker runtime version when reported.
APIDocker API version when reported.
DiagnosticSanitised agent diagnostic when Docker cannot be queried cleanly.

Use this card before relying on the Containers area. If Docker should be available but the card says Permission denied or Unreachable, fix agent access or Docker availability before investigating container inventory.

System information

System information identifies the host.

FieldMeaning
HostnameHostname reported by the agent.
Operating SystemOS family reported by the agent.
OS VersionOS version string reported by the agent.
ArchitectureCPU architecture, such as amd64 or arm64.
UptimeAgent-reported host uptime, formatted as days, hours, and minutes.
IP AddressesIP addresses currently associated with the host.

Use it during incident response to avoid running tasks against the wrong host, and during onboarding to confirm that agent registration produced the expected inventory record.

Agent information

The Agent panel shows the CT-Ops agent state for the host.

FieldMeaning
StatusAgent status badge.
VersionAgent version. CT-Ops adds Update available when the latest known agent version is newer.
Agent IDAgent identifier associated with the host.
Last HeartbeatLast heartbeat received from the agent.
RegisteredWhen the host record was created.

Use this panel when telemetry is missing, terminal access is not behaving as expected, or the host is not reporting features that depend on newer agent capabilities.

Pinned notes

Pinned notes surface important operational context directly on the Overview page. They are useful for maintenance warnings, ownership notes, known exceptions, and “do not touch without approval” guidance.

Use Activity -> Notes to create, update, pin, or unpin host notes.