diff --git a/it-and-security/lib/all/queries/collect-usb-devices.yml b/it-and-security/lib/all/queries/collect-usb-devices.yml index 4ca858ce49ec..cad8c1d3b9b9 100644 --- a/it-and-security/lib/all/queries/collect-usb-devices.yml +++ b/it-and-security/lib/all/queries/collect-usb-devices.yml @@ -7,4 +7,4 @@ min_osquery_version: "" observer_can_run: true platform: darwin,linux - query: SELECT model, vendor FROM usb_devices; \ No newline at end of file + query: SELECT model, vendor FROM usb_devices; diff --git a/it-and-security/lib/all/queries/collect-vs-code-extensions.yml b/it-and-security/lib/all/queries/collect-vs-code-extensions.yml index 97dfa04547fb..36aae9159920 100644 --- a/it-and-security/lib/all/queries/collect-vs-code-extensions.yml +++ b/it-and-security/lib/all/queries/collect-vs-code-extensions.yml @@ -9,4 +9,4 @@ observer_can_run: false platform: darwin,linux,windows query: SELECT extension.name, extension.publisher, extension.version FROM users - JOIN vscode_extensions extension USING (uid); \ No newline at end of file + JOIN vscode_extensions extension USING (uid); diff --git a/it-and-security/lib/linux/queries/all-debian-hosts.yml b/it-and-security/lib/linux/queries/all-deb-hosts.yml similarity index 85% rename from it-and-security/lib/linux/queries/all-debian-hosts.yml rename to it-and-security/lib/linux/queries/all-deb-hosts.yml index 3e3198cfbfc2..c744d81c2e8f 100644 --- a/it-and-security/lib/linux/queries/all-debian-hosts.yml +++ b/it-and-security/lib/linux/queries/all-deb-hosts.yml @@ -3,4 +3,4 @@ kind: query spec: name: All debian hosts query: SELECT * FROM os_version WHERE platform_like = 'debian'; - platform: "darwin" \ No newline at end of file + platform: "darwin" diff --git a/it-and-security/lib/linux/queries/all-rpm-hosts.yml b/it-and-security/lib/linux/queries/all-rpm-hosts.yml new file mode 100644 index 000000000000..1b8ee8186631 --- /dev/null +++ b/it-and-security/lib/linux/queries/all-rpm-hosts.yml 
@@ -0,0 +1,6 @@ +apiVersion: v1 +kind: query +spec: + name: All rpm hosts + query: SELECT * FROM os_version WHERE platform_like = 'rhel'; + platform: "darwin" diff --git a/it-and-security/lib/linux/software/slack-deb.yml b/it-and-security/lib/linux/software/slack-deb.yml new file mode 100644 index 000000000000..740ab179252b --- /dev/null +++ b/it-and-security/lib/linux/software/slack-deb.yml @@ -0,0 +1,4 @@ +url: https://downloads.slack-edge.com/desktop-releases/linux/x64/4.41.105/slack-desktop-4.41.105-amd64.deb +self-service: true +pre_install_query: + path: ../queries/all-deb-hosts.yml diff --git a/it-and-security/lib/linux/software/slack-rpm.yml b/it-and-security/lib/linux/software/slack-rpm.yml new file mode 100644 index 000000000000..0e6067d282d3 --- /dev/null +++ b/it-and-security/lib/linux/software/slack-rpm.yml @@ -0,0 +1,4 @@ +url: https://downloads.slack-edge.com/desktop-releases/linux/x64/4.41.105/slack-4.41.105-0.1.el8.x86_64.rpm +self-service: true +pre_install_query: + path: ../queries/all-rpm-hosts.yml diff --git a/it-and-security/lib/linux/software/zoom.yml b/it-and-security/lib/linux/software/zoom-deb.yml similarity index 70% rename from it-and-security/lib/linux/software/zoom.yml rename to it-and-security/lib/linux/software/zoom-deb.yml index fcb90c57d4bb..d79ee558c3ce 100644 --- a/it-and-security/lib/linux/software/zoom.yml +++ b/it-and-security/lib/linux/software/zoom-deb.yml @@ -1,4 +1,4 @@ url: https://zoom.us/client/6.2.11.5069/zoom_amd64.deb self-service: true pre_install_query: - path: ../queries/all-debian-hosts.yml \ No newline at end of file + path: ../queries/all-deb-hosts.yml diff --git a/it-and-security/lib/linux/software/zoom-rpm.yml b/it-and-security/lib/linux/software/zoom-rpm.yml new file mode 100644 index 000000000000..1f331cab294b --- /dev/null +++ b/it-and-security/lib/linux/software/zoom-rpm.yml 
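Review bot: The new `all-rpm-hosts.yml` declares `platform: "darwin"` for a query that selects Linux hosts (`platform_like = 'rhel'`) and serves as the pre-install gate for the RPM installers, which looks copied from the macOS `check-if-apple-silicon.yml`; if the platform field is honoured when the pre-install query runs, the installer would never be offered to a Linux host. Change it to `platform: "linux"`. The renamed `all-deb-hosts.yml` in the preceding hunk carries the same `platform: "darwin"` and should be fixed alongside. Since only the existence of a row matters, `query: SELECT 1 FROM os_version WHERE platform_like = 'rhel';` mirrors the existing apple-silicon check and avoids the `SELECT *`.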
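Review bot: `slack-deb.yml` (and `slack-rpm.yml`) use the key `self-service: true`, while `windows/slack.yml`, `macos/zoom.yml` and `macos/google-chrome.yml` in this same diff use `self_service: true`; only one spelling can be the schema's, so the other is presumably ignored or rejected and some of these packages may silently not be self-service. Pick one spelling (the pre-existing macOS files use `self_service`) and apply it to every new package file. Separately, the installer is fetched from a version-pinned URL but nothing in the file pins the artifact's content; if the package schema supports an integrity digest, record the expected SHA-256 next to the URL so a swapped upstream binary fails to install rather than rolling out.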
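Review bot: `slack-rpm.yml` points at an EL8 build (`slack-4.41.105-0.1.el8.x86_64.rpm`) but is gated only by `platform_like = 'rhel'`, which as written does not consider the OS major version, so EL9-era and other RHEL-family hosts would be offered an EL8 package. If that build is not intended for newer releases, extend the gate with a `major` check in `all-rpm-hosts.yml`, or add a comment stating that the EL8 build is known to be compatible across the supported releases.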
@@ -0,0 +1,4 @@ +url: https://zoom.us/client/6.3.0.5527/zoom_x86_64.rpm +self-service: true +pre_install_query: + path: ../queries/all-rpm-hosts.yml diff --git a/it-and-security/lib/macos/queries/check-if-apple-silicon.yml b/it-and-security/lib/macos/queries/check-if-apple-silicon.yml index 558fa08ca8ed..841d30f56574 100644 --- a/it-and-security/lib/macos/queries/check-if-apple-silicon.yml +++ b/it-and-security/lib/macos/queries/check-if-apple-silicon.yml @@ -3,4 +3,4 @@ kind: query spec: name: Check if Mac has Apple silicon query: SELECT 1 FROM system_info WHERE cpu_type = "arm64e"; - platform: "darwin" \ No newline at end of file + platform: "darwin" diff --git a/it-and-security/lib/macos/queries/collect-failed-login-attempts.yml b/it-and-security/lib/macos/queries/collect-failed-login-attempts.yml index f3b461b5ecfc..2adfb7982b98 100644 --- a/it-and-security/lib/macos/queries/collect-failed-login-attempts.yml +++ b/it-and-security/lib/macos/queries/collect-failed-login-attempts.yml @@ -11,4 +11,4 @@ platform: "darwin" query: SELECT users.username, account_policy_data.failed_login_count, account_policy_data.failed_login_timestamp FROM users INNER JOIN account_policy_data using (uid) WHERE account_policy_data.failed_login_count - > 0; \ No newline at end of file + > 0; diff --git a/it-and-security/lib/macos/queries/collect-software-permissions-system.yml b/it-and-security/lib/macos/queries/collect-software-permissions-system.yml index 0f576ffcf7ce..ac3b848bd195 100644 --- a/it-and-security/lib/macos/queries/collect-software-permissions-system.yml +++ b/it-and-security/lib/macos/queries/collect-software-permissions-system.yml @@ -2,4 +2,4 @@ description: "Research for #16899" query: SELECT * from tcc_system; interval: 3600 # 1 hour - platform: darwin \ No newline at end of file + platform: darwin 
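Review bot: `zoom-rpm.yml` pins Zoom 6.3.0.5527 while the renamed `zoom-deb.yml` in the previous hunk still pins 6.2.11.5069 and `macos/zoom.yml` pins 6.2.10.43047, so Linux hosts will run different Zoom releases depending on package format. Unless the drift is intentional, align the Debian and macOS entries to the same release, or add a comment explaining the lag, so a CVE-driven bump is applied uniformly and not only to the format that happened to be added last. This file also uses `self-service: true` where the existing macOS package files use `self_service: true`; check which spelling the schema accepts.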
diff --git a/it-and-security/lib/macos/queries/collect-software-permissions-user.yml b/it-and-security/lib/macos/queries/collect-software-permissions-user.yml index b8b0e7c75b02..93e112a5a6da 100644 --- a/it-and-security/lib/macos/queries/collect-software-permissions-user.yml +++ b/it-and-security/lib/macos/queries/collect-software-permissions-user.yml @@ -2,4 +2,4 @@ description: "Research for #16899" query: SELECT * from tcc_user; interval: 3600 # 1 hour - platform: darwin \ No newline at end of file + platform: darwin diff --git a/it-and-security/lib/macos/software/google-chrome.yml b/it-and-security/lib/macos/software/google-chrome.yml index fb3d1f7be9bd..54a5ef1fb5f1 100644 --- a/it-and-security/lib/macos/software/google-chrome.yml +++ b/it-and-security/lib/macos/software/google-chrome.yml @@ -1,2 +1,2 @@ url: https://dl.google.com/chrome/mac/stable/accept_tos%3Dhttps%253A%252F%252Fwww.google.com%252Fintl%252Fen_ph%252Fchrome%252Fterms%252F%26_and_accept_tos%3Dhttps%253A%252F%252Fpolicies.google.com%252Fterms/googlechrome.pkg -self_service: true \ No newline at end of file +self_service: true diff --git a/it-and-security/lib/macos/software/zoom.yml b/it-and-security/lib/macos/software/zoom.yml index 16f557ca4526..551944fa4a64 100644 --- a/it-and-security/lib/macos/software/zoom.yml +++ b/it-and-security/lib/macos/software/zoom.yml @@ -1,2 +1,2 @@ url: https://zoom.us/client/6.2.10.43047/ZoomInstallerIT.pkg -self_service: true \ No newline at end of file +self_service: true diff --git a/it-and-security/lib/windows/policies/device-health.yml b/it-and-security/lib/windows/policies/device-health.yml index 40e276caae13..2d38928dd53d 100644 --- a/it-and-security/lib/windows/policies/device-health.yml +++ b/it-and-security/lib/windows/policies/device-health.yml 
@@ -28,4 +28,4 @@ description: Checks the status of antivirus and signature updates from the Windows Security Center. resolution: "Ensure Windows Defender or your third-party antivirus is running, up to date, and visible in the Windows Security Center." platform: windows - + \ No newline at end of file diff --git a/it-and-security/lib/windows/queries/all-arm-hosts.yml b/it-and-security/lib/windows/queries/all-arm-hosts.yml new file mode 100644 index 000000000000..a9968eb3420e --- /dev/null +++ b/it-and-security/lib/windows/queries/all-arm-hosts.yml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: query +spec: + name: All ARM hosts + query: SELECT * FROM os_version WHERE arch LIKE 'ARM%'; + platform: "windows" + \ No newline at end of file diff --git a/it-and-security/lib/windows/queries/all-x86-hosts.yml b/it-and-security/lib/windows/queries/all-x86-hosts.yml new file mode 100644 index 000000000000..ba0b8bbf0c61 --- /dev/null +++ b/it-and-security/lib/windows/queries/all-x86-hosts.yml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: query +spec: + name: All ARM hosts + query: SELECT * FROM os_version WHERE arch NOT LIKE 'ARM%'; + platform: "windows" + \ No newline at end of file diff --git a/it-and-security/lib/windows/queries/collect-windows-defender.yml b/it-and-security/lib/windows/queries/collect-windows-defender.yml index 739dfcd9992a..cfa2aa85f13d 100644 --- a/it-and-security/lib/windows/queries/collect-windows-defender.yml +++ b/it-and-security/lib/windows/queries/collect-windows-defender.yml 
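Review bot: `all-x86-hosts.yml` is named `All ARM hosts`, identical to the name in `all-arm-hosts.yml` added in this commit, while its query is the inverse (`arch NOT LIKE 'ARM%'`); if query names are used as identifiers on apply, the two files will collide or overwrite each other, and at minimum the label misdescribes what it gates. Change it to `name: All x86 hosts`. Both new Windows query files also end in a whitespace-only `+ ` line with no trailing newline, reintroducing the noise the rest of this commit removes; drop the blank line and end the file with a newline.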
@@ -7,4 +7,5 @@ min_osquery_version: "" observer_can_run: true platform: "windows" - query: SELECT processes.pid, processes.name, users.username, processes.path, processes.cmdline FROM processes LEFT JOIN users ON processes.uid = users.uid WHERE processes.path != '' AND name LIKE 'MpCmdRun.exe'; \ No newline at end of file + query: SELECT processes.pid, processes.name, users.username, processes.path, processes.cmdline FROM processes LEFT JOIN users ON processes.uid = users.uid WHERE processes.path != '' AND name LIKE 'MpCmdRun.exe'; + \ No newline at end of file diff --git a/it-and-security/lib/windows/software/google-chrome.yml b/it-and-security/lib/windows/software/google-chrome.yml new file mode 100644 index 000000000000..82be72dc25b3 --- /dev/null +++ b/it-and-security/lib/windows/software/google-chrome.yml @@ -0,0 +1,2 @@ +url: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B53CCDE8D-FD40-46DE-67E7-61E96CFEFCAA%7D%26lang%3Den%26browser%3D4%26usagestats%3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dtrue%26ap%3Dx64-stable-statsdef_0%26brand%3DGCEA/dl/chrome/install/googlechromestandaloneenterprise64.msi +self-service: true diff --git a/it-and-security/lib/windows/software/slack.yml b/it-and-security/lib/windows/software/slack.yml new file mode 100644 index 000000000000..ee4ce40d532d --- /dev/null +++ b/it-and-security/lib/windows/software/slack.yml @@ -0,0 +1,5 @@ +url: https://downloads.slack-edge.com/desktop-releases/windows/x64/4.41.105/SlackSetup.exe +self_service: true +pre_install_query: + path: ../queries/all-x86-hosts.yml + \ No newline at end of file diff --git a/it-and-security/lib/windows/software/zoom-arm.yml b/it-and-security/lib/windows/software/zoom-arm.yml new file mode 100644 index 000000000000..3a8db75bdf5e --- /dev/null +++ b/it-and-security/lib/windows/software/zoom-arm.yml 
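Review bot: The Chrome MSI URL in `windows/google-chrome.yml` embeds what appear to be per-download tag parameters — an `iid` GUID, `brand=GCEA`, `usagestats=0` — captured from a one-off browser download; confirm it resolves to the same stable `googlechromestandaloneenterprise64.msi` for every host over time, and prefer a tag-free enterprise download URL if one is published, since these tags look like install-attribution metadata rather than something the fleet should carry. The file also uses `self-service: true` while the sibling `windows/slack.yml` added in the same commit uses `self_service: true`; settle on one key so the self-service flag is not silently dropped on one of them.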
@@ -0,0 +1,5 @@ +url: https://zoom.us/client/6.3.0.52884/ZoomInstallerFull.exe?archType=winarm64 +self-service: true +pre_install_query: + path: ../queries/all-arm-hosts.yml + \ No newline at end of file diff --git a/it-and-security/lib/windows/software/zoom.yml b/it-and-security/lib/windows/software/zoom.yml new file mode 100644 index 000000000000..0c51190a79d3 --- /dev/null +++ b/it-and-security/lib/windows/software/zoom.yml @@ -0,0 +1,5 @@ +url: https://zoom.us/client/6.3.0.52884/ZoomInstallerFull.exe?archType=x64 +self-service: true +pre_install_query: + path: ../queries/all-x86-hosts.yml + \ No newline at end of file diff --git a/it-and-security/teams/compliance-exclusions.yml b/it-and-security/teams/compliance-exclusions.yml index be1bfa25fbfe..46c3d1de4c06 100644 --- a/it-and-security/teams/compliance-exclusions.yml +++ b/it-and-security/teams/compliance-exclusions.yml @@ -32,4 +32,7 @@ policies: queries: software: packages: - - path: ../lib/linux/software/zoom.yml # Zoom for Ubuntu \ No newline at end of file + - path: ../lib/linux/software/zoom-deb.yml # Zoom for Ubuntu + - path: ../lib/linux/software/zoom-rpm.yml # Zoom for RHEL + - path: ../lib/linux/software/slack-deb.yml # Zoom for Ubuntu + - path: ../lib/linux/software/slack-rpm.yml # Zoom for RHEL diff --git a/it-and-security/teams/workstations-canary.yml b/it-and-security/teams/workstations-canary.yml index 902b98f484c6..f52965dbf3b4 100644 --- a/it-and-security/teams/workstations-canary.yml +++ b/it-and-security/teams/workstations-canary.yml 
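Review bot: The two new Slack entries in `compliance-exclusions.yml` are commented `# Zoom for Ubuntu` and `# Zoom for RHEL`, copied from the Zoom lines above them; these comments are what an operator reads when deciding what a team ships, so they should name the package they describe. Use `- path: ../lib/linux/software/slack-deb.yml # Slack for Ubuntu` and `- path: ../lib/linux/software/slack-rpm.yml # Slack for RHEL`, matching the wording already used in `workstations-canary.yml`.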
@@ -151,7 +151,10 @@ queries: software: packages: - path: ../lib/macos/software/mozilla-firefox.yml # Mozilla Firefox for MacOS (universal) - - path: ../lib/linux/software/zoom.yml # Zoom for Ubuntu + - path: ../lib/linux/software/zoom-deb.yml # Zoom for Ubuntu + - path: ../lib/linux/software/zoom-rpm.yml # Zoom for RedHat + - path: ../lib/linux/software/slack-deb.yml # Slack for Ubuntu + - path: ../lib/linux/software/slack-rpm.yml # Slack for RedHat app_store_apps: - app_store_id: '803453959' # Slack Desktop - app_store_id: '1333542190' # 1Password 7 Desktop