Hi @Shashanksinha, Thank you for writing to live community.
Hi
Yes, Cortex XDR can be included as part of a golden image
Adding Cortex XDR to the golden image could result in duplicate entries, namely the same endpoint IDs. In such cases, using ‘cytool reconnect force’ should help fix the issue.
Each agent have its own unique ID to communicate to XDR server, so simply changing hostname should not create an additional entry.
4. You can use the following basic XQL query to identify duplicate endpoints: dataset = xdr_data
| fields agent_id, agent_hostname
| filter agent_hostname != NULL
| dedup agent_id
Hope this helps!
... View more