In order to manage a device, Cisco Defense Orchestrator (CDO) must have its own copy of the device's configuration stored in it's local database. When CDO "reads" a configuration from a device it manages, it takes a copy of the device's running configuration and saves it. The first time CDO reads and saves a copy of a device's configuration is when the device is onboarded. When CDO reads the device's configuration from the device to CDO, it completely overwrites the copy of the configuration it has stored on CDO. It does not overwrite only sections of the configuration that have changed.
As you manage and make changes to a device's configuration, CDO saves the changes you make to its own copy of the configuration file. Those changes are considered "staged" on CDO until they are "deployed" to the device. Staged configuration changes have no affect on the network traffic running through the device. Only after CDO "deploys" the changes to the device do they have an affect on the traffic running through the device. When CDO deploys changes to the device's configuration, it only overwrites those elements of the configuration that were changed. It does not overwrite the entire configuration file stored on the device.
These articles describe how to read configurations from the devices CDO manages and deploy configuration changes from CDO to the device: