Hidden Data Table Column

I would like to be able to have columns in data tables that are not visible in the GUI. 

 

This would be helpful for holding information that isn't particularly useful for whoever is working the incident, but would be useful for automation. An example of such a field would be some kind of ID like an event ID. 

 

My particular use case would be this:

Most of our Incidents in Resilient are created from QRadar offenses. It's possible for our QRadar offenses to continue to collect more events/flows after the offense is created (and therefore it's already in Resilient). We continuously push the event_count and flow_count fields from QRadar and have a rule to trigger a task that alerts the analyst that their QRadar data is out of sync and they need to repull it (an action we created). Currently, in this action, we have to clear the data table and then replace the whole data table with the information we retrieve from QRadar. This could an issue if the analyst changes anything in the data table, it will get erased and that data will be lost. My solution would be to check the event IDs of the row to determine if it's in the data table already or not. I could add the eventID column to the data table but having fields that the analyst doesn't need clutters up the GUI. I would prefer to have this as a hidden column/field in the data table.

  • Guest
  • Jan 14 2020
  • Future consideration
  • Attach files
  • Guest commented
    28 Jan, 2020 11:12pm

    Ooh.. I like this idea.  We use hidden fields all the time, and having these available for DT usage would also be good.

     
  • Guest commented
    24 Jan, 2020 01:58pm

    Maybe that hidden column could be displayed only to Master Admins, hidden from all other users?

  • Guest commented
    14 Jan, 2020 06:00pm

    I could see this really helping us in our environment also.