run make generate-docs for DDM activities (#17888)

docs/Using Fleet/Audit-logs.md

@@ -1049,6 +1049,65 @@ This activity contains the following fields:
 }
 ```
 
+## created_declaration_profile
+
+Generated when a user adds a new macOS declaration to a team (or no team).
+
+This activity contains the following fields:
+- "profile_name": Name of the declaration.
+- "identifier": Identifier of the declaration.
+- "team_id": The ID of the team that the declaration applies to, `null` if it applies to devices that are not in a team.
+- "team_name": The name of the team that the declaration applies to, `null` if it applies to devices that are not in a team.
+
+#### Example
+
+```json
+{
+  "profile_name": "Passcode requirements",
+  "profile_identifier": "com.my.declaration",
+  "team_id": 123,
+  "team_name": "Workstations"
+}
+```
+
+## deleted_declaration_profile
+
+Generated when a user removes a macOS declaration from a team (or no team).
+
+This activity contains the following fields:
+- "profile_name": Name of the declaration.
+- "identifier": Identifier of the declaration.
+- "team_id": The ID of the team that the declaration applies to, `null` if it applies to devices that are not in a team.
+- "team_name": The name of the team that the declaration applies to, `null` if it applies to devices that are not in a team.
+
+#### Example
+
+```json
+{
+  "profile_name": "Passcode requirements",
+  "profile_identifier": "com.my.declaration",
+  "team_id": 123,
+  "team_name": "Workstations"
+}
+```
+
+## edited_declaration_profile
+
+Generated when a user edits the macOS declarations of a team (or no team) via the fleetctl CLI.
+
+This activity contains the following fields:
+- "team_id": The ID of the team that the declarations apply to, `null` if they apply to devices that are not in a team.
+- "team_name": The name of the team that the declarations apply to, `null` if they apply to devices that are not in a team.
+
+#### Example
+
+```json
+{
+  "team_id": 123,
+  "team_name": "Workstations"
+}
+```
+
 
 <meta name="title" value="Audit logs">
 <meta name="pageOrderInSection" value="1400">

docs/Using Fleet/Understanding-host-vitals.md

@@ -199,7 +199,7 @@ WITH registry_keys AS (
 		    -- coalesce to 'unknown' and keep that state in the list
 		    -- in order to account for hosts that might not have this
 		    -- key, and servers
-                    WHERE COALESCE(e.state, '0') IN ('0', '1', '2')
+                    WHERE COALESCE(e.state, '0') IN ('0', '1', '2', '3')
                     LIMIT 1;
 ```
 
@@ -373,12 +373,20 @@ SELECT * FROM os_version LIMIT 1
 
 - Query:
 ```sql
-SELECT os.name, r.data as display_version, k.version
+WITH display_version_table AS (
+			SELECT data as display_version
+			FROM registry
+			WHERE path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\DisplayVersion'
+		)
+		SELECT
+			os.name,
+			COALESCE(d.display_version, '') AS display_version,
+			k.version
 		FROM
-			registry r,
 			os_version os,
 			kernel_info k
-		WHERE r.path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\DisplayVersion'
+		LEFT JOIN
+			display_version_table d
 ```
 
 ## os_windows
@@ -387,19 +395,23 @@ SELECT os.name, r.data as display_version, k.version
 
 - Query:
 ```sql
-SELECT
+WITH display_version_table AS (
+		SELECT data as display_version
+		FROM registry
+		WHERE path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\DisplayVersion'
+	)
+	SELECT
 		os.name,
 		os.platform,
 		os.arch,
 		k.version as kernel_version,
 		os.version,
-		r.data as display_version
+		COALESCE(d.display_version, '') AS display_version
 	FROM
 		os_version os,
-		kernel_info k,
-		registry r
-	WHERE
-		r.path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\DisplayVersion'
+		kernel_info k
+	LEFT JOIN
+		display_version_table d
 ```
 
 ## osquery_flags