oncall doc updates

docs/Contributing/architecture/software/vulnerability-management.md → docs/Contributing/architecture/security-compliance/vulnerability-management.md

@@ -35,5 +35,3 @@ To learn more, read our [vulnerability processing](https://fleetdm.com/guides/vu
 - [Vulnerability processing guide](https://fleetdm.com/guides/vulnerability-processing)
 - [Software filtering guide](https://fleetdm.com/guides/filtering-software-by-vulnerability)
 - [Remediating the cx vulnerability with Fleet guide](https://fleetdm.com/guides/remediating-the-xz-vulnerability-with-fleet)
-- [Software Product Group Documentation](../../product-groups/software/) - Documentation for the Software product group
-- [Software Development Guides](../../guides/software/) - Guides for Software development

docs/Contributing/architecture/software/README.md

@@ -1,6 +1,6 @@
 # Software architecture
 
-Fleet's software architecture is designed to manage software across the device fleet, including software inventory, vulnerability management, and software installation. This directory contains documentation about Fleet's software architecture.
+Fleet's software architecture is designed to manage software across the device fleet, including software inventory and software installation. This directory contains documentation about Fleet's software architecture.
 
 ## Contents
 
@@ -14,4 +14,4 @@ Fleet's software architecture is designed to manage software across the device f
 
 ## Related resources
 
-- [Software Product Group Documentation](../../product-groups/software/) - Documentation for the Software product group
+- [Software Product Group Documentation](../../product-groups/software/) - Documentation for the Software product group

docs/Contributing/architecture/software/software-automations.md

@@ -1,10 +1,10 @@
-# Software policies architecture
+# Software automation architecture
 
 This document provides an overview of Fleet's software automation architecture.
 
 ## Introduction
 
-Software automation in Fleet enable organizations automatically install or update software based on a policy.
+Software automation in Fleet enable organizations automatically install or update software based on a [policy](https://fleetdm.com/securing/what-are-fleet-policies).
 
 ## Architecture overview
 
@@ -19,4 +19,3 @@ Software automation in Fleet enable organizations automatically install or updat
 ## Related resources
 
 - [Software Product Group Documentation](../../product-groups/software/) - Documentation for the Software product group
-- [Software Development Guides](../../guides/software/) - Guides for Software development

docs/Contributing/architecture/software/software-installation.md

@@ -13,35 +13,45 @@ interactions specific to the Software Installation functionality.
 ### Software types
 
 Fleet supports 3 different types of installable software: custom packages, Fleet-maintained apps,
-and VPP apps.
+and app store apps.
 
 #### Custom packages
 
 Custom packages are software packages whose installer is uploaded directly to Fleet by an admin.
 
-Fleet supports `.pkg`, `.msi`, `.exe`, `.deb.`, and `.rpm` installers for custom packages.
+Fleet supports the following installer files as custom packages
+
+| Installer file extension      | Supported platform(s) |
+| ----------- | ----------- |
+| .pkg   | macOS                  |
+| .ipa   | iOS, iPadOS            |
+| .msi   | Windows                |
+| .exe   | Windows                |
+| .deb   | Debian-based Linux     |
+| .rpm   | RHEL-based Linux       |
+
 
 #### Fleet-maintained apps
 
 Fleet-maintained apps are software that Fleet curates. Fleet sources installers and generates
 install and uninstall scripts for Fleet-maintained apps, so that admins can add them to their
 software library with just a few clicks.
 
-#### VPP apps
-
-VPP apps are apps that can be added using Apple's Volume Purchasing Program functionality. These
-apps are only for Apple devices (macOS, iOS, and iPadOS) and are managed using the Apple MDM protocol.
+#### App store apps
 
-## Architecture overview
+App store apps are software that is installed directly from an external app store. Fleet currently supports
+the Apple App Store (via [VPP](https://developer.apple.com/documentation/devicemanagement/managing-apps-and-books-through-web-services-legacy) apps (for macOS, iOS, and iPadOS hosts)) 
+and the Google Play Store (for Android hosts).
 
-## Key components
+## Architecture diagrams
 
-## Architecture diagram
+### VPP app install and verification
 
-### VPP app install verification
+VPP apps are installed using the Apple MDM protocol. When an install is triggered, Fleet sends an `InstallApplication` command
+to the host.
 
-Fleet verifies VPP app installs by sending a series of `InstalledApplicationList` MDM commands after
-the acknowledgment of the `InstallApplication` command. It attempts to verify until either
+To verify that the install was successful, Fleet sends a series of `InstalledApplicationList` MDM commands after
+the acknowledgment of the `InstallApplication` command. Fleet attempts to verify until either
 - the app shows up in the `InstalledApplicationList` response as installed, or
 - the verification timeout (defaults to 10m, configurable via the `FLEET_SERVER_VPP_VERIFY_TIMEOUT`
   env var).
@@ -50,19 +60,22 @@ the acknowledgment of the `InstallApplication` command. It attempts to verify un
 ```mermaid
 sequenceDiagram
     autonumber
-    Fleet->>+Host: InstallApplicationCommand
-    Host-->>-Fleet: Acknowledged
-
-    Fleet->>+Fleet: Start timeout
-
-    loop Verification loop
-        Fleet->>+Host: InstalledApplicationListCommand
-        Host-->>-Fleet: Acknowledged<br/>[list of apps]
-        critical Check app status
-        option app in list, installed, exit:
-            Fleet->>+Fleet: Move status to "Installed"
-        option app not in list, timeout:
-            Fleet->>+Fleet: Move status to "Failed"
+        Note over Fleet,Host: Installation
+        Fleet->>+Host: InstallApplicationCommand
+        Host-->>-Fleet: Acknowledged
+
+        Note over Fleet,Host: Verification
+
+        Fleet->>+Fleet: Start timeout
+
+        loop Verification loop
+            Fleet->>+Host: InstalledApplicationListCommand
+            Host-->>-Fleet: Acknowledged<br/>[list of apps]
+            critical Check app status
+            option app in list, installed, exit:
+                Fleet->>+Fleet: Move status to "Installed"
+            option app not in list, timeout:
+                Fleet->>+Fleet: Move status to "Failed"
         end
     end
 ```
@@ -106,19 +119,6 @@ graph TD
     end
 ```
 
-## Platform-specific implementations
-
-### macOS
-
-### Windows
-
-### Linux
-
-### iOS/iPadOS 
-
-### Android
-
 ## Related resources
 
 - [Software product group documentation](../../product-groups/software/) - Documentation for the Software product group
-- [Software development guides](../../guides/software/) - Guides for Software development

docs/Contributing/architecture/software/software-overview.md

@@ -22,28 +22,6 @@ The Software architecture consists of the following main components:
 [Placeholder for Software Architecture Diagram]
 ```
 
-## Software inventory
-
-The Software Inventory component collects and manages information about installed software on devices. It leverages osquery's capabilities to collect software information and Fleet's infrastructure to process and display it.
-
-### Inventory collection flow
-
-1. osquery agent collects software information using osquery tables.
-2. osquery agent sends the information to the Fleet server.
-3. Server processes and stores the information in the database.
-4. UI displays the information to users.
-
-## Vulnerability management
-
-The Vulnerability Management component identifies and manages software vulnerabilities in the device fleet. It compares installed software versions with known vulnerabilities and provides information about affected devices.
-
-### Vulnerability identification flow
-
-1. Server retrieves software inventory information from the database.
-2. Server compares software versions with vulnerability databases.
-3. Server identifies vulnerable software and affected devices.
-4. UI displays vulnerability information to users.
-
 ## Software installation
 
 The Software Installation component manages the installation of software on devices. It leverages platform-specific mechanisms to install software packages.
@@ -67,4 +45,3 @@ The Software architecture integrates with the following components:
 ## Related resources
 
 - [Software Product Group Documentation](../../product-groups/software/) - Documentation for the Software product group
-- [Software Development Guides](../../guides/software/) - Guides for Software development

docs/Contributing/architecture/software/software-updates.md

@@ -35,4 +35,3 @@ The software updates architecture enables the identification, configuration, and
 ## Related resources
 
 - [Software product group documentation](../../product-groups/software/) - Documentation for the software product group
-- [Software development guides](../../guides/software/) - Guides for software development