CT-Ops
Host Detail Pages
How CT-Ops host detail pages are organised and where to find full guides for each host-management area.
Open a host detail page by selecting a host from Hosts -> All Hosts, a group detail page, or a network detail page. The host detail page is the operational workspace for one machine. It is where you move from a fleet-level row into the evidence, configuration, and actions that apply to that specific server.
Host detail areas
| Area | What it gives you | Full guide |
|---|---|---|
| Overview | The first-read view of status, last seen time, resource pressure, log-error status, detected apps, potential savings, Docker runtime state, vulnerability posture, system identity, agent state, and pinned notes. | Host overview |
| Monitoring | Time-series metrics, heartbeat history, notification charts, host checks, alert rules, and recent check results. | Host monitoring |
| Infrastructure | Storage, network interfaces, CT-Ops network membership, patch posture, services, and host logs. | Host infrastructure |
| Inventory | Installed software, scan state, package comparison, CSV export, and vulnerability findings. | Host inventory |
| Containers | Docker runtime state, container inventory, image risk, container metrics, network graph, and lifecycle events. | Host containers |
| Activity | Notes and calendar events that explain planned work, maintenance, decisions, and host context. | Host activity |
| Management | Local users, group membership, collection settings, tags, terminal access policy, SSH host-key trust, Docker retention overrides, and image scanning overrides. | Host management |
| Tools | Manual task execution, task history, automated run logs, terminal access, and host deletion. | Host tools |
Header controls
Every host detail page starts with the same header:
| Control or field | What it means |
|---|---|
| Back to hosts | Returns to Hosts -> All Hosts. Use it after finishing a single-host investigation. |
| Host name | Shows the host display name when one is configured, otherwise the reported hostname. |
| Status badge | Shows the current host state: Online, Offline, Pending, Revoked, or Unknown. |
| Last seen | Shows when CT-Ops last received telemetry from the host. Treat old timestamps as a sign of agent, network, or host availability trouble before trusting other telemetry. |
| Delete Host | Opens the destructive delete flow. It is shown only to users with host-management access. |
The parent navigation has eight stable areas: Overview, Monitoring, Infrastructure, Inventory, Containers, Activity, Management, and Tools. Some parent areas expose child tabs. CT-Ops loads several expensive data sets only when their tab is active, so opening a tab can trigger fresh API calls or agent queries.
Child tabs
| Parent area | Child tabs |
|---|---|
| Overview | No child tabs. |
| Monitoring | Metrics, Checks. |
| Infrastructure | Storage, Network, Networks, Patch Status, Services, Host Logs. |
| Inventory | Packages, Vulnerabilities. |
| Containers | Internal Overview, Network View, and Lifecycle subtabs inside the page. |
| Activity | Notes, Calendar. |
| Management | Users, Groups, Settings. The Users tab is hidden when local-user collection is disabled for the host. |
| Tools | Tasks, Logs, Terminal. |
Several tab labels show counts when CT-Ops already has that data, such as disk count, network-interface count, and local-user count. The Monitoring parent also shows a red count when active firing alerts exist for the host.
How to use host detail pages
Start with Overview when responding to an alert or checking a new host. It shows whether the host is online, under resource pressure, or carrying vulnerability risk.
Use Monitoring and Infrastructure when you need to diagnose why a host is unhealthy. These areas show whether the problem is resource usage, failed checks, stale heartbeats, disk pressure, network identity, patch age, service state, or host-side logs.
Use Inventory and Containers when the question is “what is installed or running here?” These pages help with vulnerability triage, drift checks, package review, image risk, and container runtime investigation.
Use Activity and Management to keep the host understandable and controlled over time. Notes, calendar entries, group membership, tags, collection settings, terminal settings, and local-user discovery all help make the host easier to operate safely.
Use Tools only when you need to take action on the host or inspect action history. Tasks and terminal access can change or expose host state, so treat them as controlled operational workflows rather than passive views.
Operator workflow
For a normal investigation, use the page in this order:
- Start on Overview to confirm the host identity, status, resource pressure, log-error state, Docker state, vulnerability posture, and pinned warnings.
- Move to Monitoring -> Metrics when the problem may be time-based or intermittent.
- Move to Monitoring -> Checks when a service, certificate, folder, file, Docker volume, patch age, service-account scan, or SSH-key scan should be monitored continuously.
- Move to Infrastructure when you need disk, network, network-membership, patch, service, or log evidence.
- Move to Inventory and Containers when the question is about installed software, vulnerable packages, Docker runtime state, or container behavior.
- Use Activity to check whether planned work or operator notes explain what you are seeing.
- Use Management for collection, classification, terminal, tag, Docker retention, and Docker image-scanning policy changes.
- Use Tools last, when passive evidence is not enough and you need to run a task, open a terminal, or delete the host record.