--- title: Cisco Threat Response (CTR) / SecureX summary: null url: https://www.fastly.com/documentation/guides/next-gen-waf/integrations/ctr --- > **IMPORTANT:** > > This guide only applies to Next-Gen WAF customers with access to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net). > > Cisco Threat Response (CTR) is a tool used by incident responders that aggregates data from various Cisco security products like AMP for Endpoints, Firewall, Umbrella, Email Security, and Stealthwatch in addition to data from certain third-party products including Next-Gen WAF. Within CTR, an investigator can perform a lookup against some object (file hash, URL, IP address) and CTR will fetch data from all of the products that are integrated including any indicators of compromise and associated metadata. > **HINT:** > > Want to set up alerting for your CDN or Compute service? Check out our [Observability](/guides/observability/alerts/about-alerts/) guides. > > > ## Installation The CTR integration is a native integration that is available in the SecureX console: > **IMPORTANT:** The user setting up the CTR integration must have [permission](https://www.fastly.com/documentation/guides/next-gen-waf/account-info/using-user-roles-and-permissions/) to create [API Access Tokens](https://www.fastly.com/documentation/guides/next-gen-waf/developer/using-an-api-with-the-next-gen-waf#about-api-access-tokens). 1. Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net). 2. From the **Sites** menu, select a site if you have more than one site. 3. [Create an API Access Token for your user](https://www.fastly.com/documentation/guides/next-gen-waf/developer/using-an-api-with-the-next-gen-waf#creating-api-access-tokens). 4. Generate an **Authorization Bearer Token** from this API Access Token by base64 encoding a string composed of the email address associated with your user, a colon, and the API Access Token you generated. An example of this in JavaScript is: ```js btoa("user@example.com:api-access-token") = "YW5keUBleGFtcGxlY29ycC5jb206ZXhhbXBsZXRva2Vu" ``` 5. Log in to your SecureX console. 6. Click **Integrations**. 7. From the **Integrations** menu in the navigation bar on the left, select **Available Integrations**. 8. Locate **Signal Sciences Next-Gen WAF** in the list of available modules and click **Add New Module**. 9. In the **Module Name** field, leave the default name or enter a custom name. Custom names are useful if you plan to have multiple integrations for several cloud instances. 10. In the **URL** field, enter `https://dashboard.signalsciences.net/api.v0/corps//ctr`. - Your `` is present in the address of your Next-Gen WAF control panel, such as `https://dashboard.signalsciences.net/corps//overview`. - Your `` can also be retrieved from the [List Corps API endpoint](https://www.fastly.com/documentation/signalsciences/api/#_corps_get). Your corp name is the string that appears in the URL after logging into the Next-Gen WAF control panel. 11. In the **Authorization Bearer Token** field, enter the base64-encoded token you generated in Step 3. 12. Click **Save**. ## Using the Cisco Threat Response Integration Once the integration is installed, any lookups within CTR that include an IP address that’s been flagged by SigSci will return a record of the event in the Observables widget under Sightings and Indicators. The Sighting will show when the IP address was flagged, the URL that was targeted, and a link back to the flagged IP address event within the Next-Gen WAF control panel. The Indicator will describe the attack signal that was associated with the flagged IP address (i.e., XSS). ## Related content - [API access tokens](https://www.fastly.com/documentation/guides/next-gen-waf/developer/using-an-api-with-the-next-gen-waf#creating-api-access-tokens) - [Next-Gen WAF API documentation](https://www.fastly.com/documentation/signalsciences/api/)