# Hex Logs (Beta) ## Overview {% hint style="info" %} Hex log ingestion is in open beta starting with Panther version 1.123, and is available to all customers. Please share any bug reports and feature requests with your Panther support team. {% endhint %} Panther can receive real-time audit log events from [Hex](https://hex.tech/) via webhook. This integration provides visibility into user activity across your Hex workspace, including project access, data exports, and administrative actions, enabling security monitoring and compliance auditing. ## How to onboard Hex audit logs to Panther ### Prerequisites * To set up this integration, you must be a Hex workspace admin with access to **Settings** > **Audit Logs**. ### Step 1: Create a new Hex log source in Panther 1. In the left-hand navigation bar of your Panther Console, click **Configure** > **Log Sources**. 2. Click **Create New.** 3. Search for "Hex", then click its tile. 4. Click **Start Setup**. 5. Follow Panther's [instructions for configuring an HTTP Source](https://github.com/panther-labs/panther-docs/blob/main/docs/gitbook/data-transports/http.md#how-to-set-up-an-http-log-source-in-panther), beginning at Step 5. * You will be required to use [shared secret authentication](https://github.com/panther-labs/panther-docs/blob/main/docs/gitbook/data-transports/http.md#shared-secret). * Payloads sent to this source are subject to the [payload requirements for all HTTP sources](https://github.com/panther-labs/panther-docs/blob/main/docs/gitbook/data-transports/http.md#payload-requirements). * Do not proceed to the next step until the creation of your HTTP endpoint has completed. Copy the **HTTP Source URL**, **Header Name**, and **Secret Key Value** — you will need them in Step 2. ### Step 2: Configure the audit log stream in Hex 1. In your Hex workspace, navigate to **Settings** > **Audit Logs**. 2. Under the log streaming section, add a new destination. 3. Select **Generic HTTPS** as the destination type. 4. Fill in the fields: * **URL**: enter the **HTTP Source URL** you generated in Panther. * **Auth header name**: enter the **Header Name** you configured in Panther. * **Auth header value**: enter the **Secret Key Value** you configured in Panther. 5. Save the configuration. Hex will begin streaming audit events to Panther immediately. ## Supported log types ### Hex.Audit Audit log events from the Hex analytics platform, capturing user and system actions within a workspace such as running cells, creating projects, managing access, and downloading data. ```yaml schema: Hex.Audit description: Audit log events from the Hex analytics platform webhook referenceURL: https://learn.hex.tech/docs/explore-data/webhooks/event-reference fields: - name: actor type: object description: The actor who performed the action fields: - name: id required: true type: string description: Unique identifier of the actor indicators: - actor_id - name: type required: true type: string description: Type of actor (e.g. USER) - name: metadata type: object description: Additional metadata about the actor fields: - name: email type: string description: Email address of the actor indicators: - email - name: workspace type: string description: Workspace name - name: workspaceId type: string description: Unique identifier of the workspace - name: action required: true type: string description: The action that was performed (e.g. RUN_CELL, CREATE_PROJECT) - name: context type: object description: Context of where the action was performed fields: - name: location type: string description: IP address of the request indicators: - ip - name: user_agent type: string description: User agent string of the request - name: targets type: array description: Objects affected by the action element: type: object fields: - name: id type: string description: Unique identifier of the target - name: type type: string description: Type of target (e.g. project, project_version, cell) - name: metadata type: object description: Additional metadata about the target fields: - name: created type: boolean description: Whether the target was created by this action - name: principal_type type: string description: Type of principal for access events (e.g. user, group) - name: representation type: string description: JSON-encoded representation of the target object - name: version type: int description: Schema version of the event - name: metadata type: object description: Additional metadata about the action fields: - name: result type: string description: Outcome of the action (e.g. SUCCESS, FAILURE) - name: requestArgs type: string description: JSON-encoded request arguments - name: failureReason type: string description: Reason for failure if the action failed - name: hexTraceId type: string description: Hex trace ID for correlating events across services - name: source type: string description: Source system that generated the event - name: isRefreshingKey type: boolean description: Whether the event was triggered by a key refresh operation - name: projectCreationMethod type: string description: Method used to create the project (e.g. BLANK, TEMPLATE) - name: occurred_at required: true type: timestamp timeFormats: - rfc3339 isEventTime: true description: Timestamp when the event occurred ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.panther.com/data-onboarding/supported-logs/hex.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.