CT-Ops

Host Detail Pages

How CT-Ops host detail pages are organised and where to find full guides for each host-management area.

Open a host detail page by selecting a host from Hosts -> All Hosts, a group detail page, or a network detail page. The host detail page is the operational workspace for one machine. It is where you move from a fleet-level row into the evidence, configuration, and actions that apply to that specific server.

Host detail areas

AreaWhat it gives youFull guide
OverviewThe first-read view of status, last seen time, resource pressure, log-error status, detected apps, potential savings, Docker runtime state, vulnerability posture, system identity, agent state, and pinned notes.Host overview
MonitoringTime-series metrics, heartbeat history, notification charts, host checks, alert rules, and recent check results.Host monitoring
InfrastructureStorage, network interfaces, CT-Ops network membership, patch posture, services, and host logs.Host infrastructure
InventoryInstalled software, scan state, package comparison, CSV export, and vulnerability findings.Host inventory
ContainersDocker runtime state, container inventory, image risk, container metrics, network graph, and lifecycle events.Host containers
ActivityNotes and calendar events that explain planned work, maintenance, decisions, and host context.Host activity
ManagementLocal users, group membership, collection settings, tags, terminal access policy, SSH host-key trust, Docker retention overrides, and image scanning overrides.Host management
ToolsManual task execution, task history, automated run logs, terminal access, and host deletion.Host tools

Header controls

Every host detail page starts with the same header:

Control or fieldWhat it means
Back to hostsReturns to Hosts -> All Hosts. Use it after finishing a single-host investigation.
Host nameShows the host display name when one is configured, otherwise the reported hostname.
Status badgeShows the current host state: Online, Offline, Pending, Revoked, or Unknown.
Last seenShows when CT-Ops last received telemetry from the host. Treat old timestamps as a sign of agent, network, or host availability trouble before trusting other telemetry.
Delete HostOpens the destructive delete flow. It is shown only to users with host-management access.

The parent navigation has eight stable areas: Overview, Monitoring, Infrastructure, Inventory, Containers, Activity, Management, and Tools. Some parent areas expose child tabs. CT-Ops loads several expensive data sets only when their tab is active, so opening a tab can trigger fresh API calls or agent queries.

Child tabs

Parent areaChild tabs
OverviewNo child tabs.
MonitoringMetrics, Checks.
InfrastructureStorage, Network, Networks, Patch Status, Services, Host Logs.
InventoryPackages, Vulnerabilities.
ContainersInternal Overview, Network View, and Lifecycle subtabs inside the page.
ActivityNotes, Calendar.
ManagementUsers, Groups, Settings. The Users tab is hidden when local-user collection is disabled for the host.
ToolsTasks, Logs, Terminal.

Several tab labels show counts when CT-Ops already has that data, such as disk count, network-interface count, and local-user count. The Monitoring parent also shows a red count when active firing alerts exist for the host.

How to use host detail pages

Start with Overview when responding to an alert or checking a new host. It shows whether the host is online, under resource pressure, or carrying vulnerability risk.

Use Monitoring and Infrastructure when you need to diagnose why a host is unhealthy. These areas show whether the problem is resource usage, failed checks, stale heartbeats, disk pressure, network identity, patch age, service state, or host-side logs.

Use Inventory and Containers when the question is “what is installed or running here?” These pages help with vulnerability triage, drift checks, package review, image risk, and container runtime investigation.

Use Activity and Management to keep the host understandable and controlled over time. Notes, calendar entries, group membership, tags, collection settings, terminal settings, and local-user discovery all help make the host easier to operate safely.

Use Tools only when you need to take action on the host or inspect action history. Tasks and terminal access can change or expose host state, so treat them as controlled operational workflows rather than passive views.

Operator workflow

For a normal investigation, use the page in this order:

  1. Start on Overview to confirm the host identity, status, resource pressure, log-error state, Docker state, vulnerability posture, and pinned warnings.
  2. Move to Monitoring -> Metrics when the problem may be time-based or intermittent.
  3. Move to Monitoring -> Checks when a service, certificate, folder, file, Docker volume, patch age, service-account scan, or SSH-key scan should be monitored continuously.
  4. Move to Infrastructure when you need disk, network, network-membership, patch, service, or log evidence.
  5. Move to Inventory and Containers when the question is about installed software, vulnerable packages, Docker runtime state, or container behavior.
  6. Use Activity to check whether planned work or operator notes explain what you are seeing.
  7. Use Management for collection, classification, terminal, tag, Docker retention, and Docker image-scanning policy changes.
  8. Use Tools last, when passive evidence is not enough and you need to run a task, open a terminal, or delete the host record.