[ti_recordedfuture] Add DLM policy and update format_version to 3.0.0 (…

…#7848)

* Add DLM policy and update format_version to 3.0.0

packages/ti_recordedfuture/changelog.yml

@@ -6,6 +6,9 @@
       link: https://github.com/elastic/integrations/pull/7920
 - version: "1.16.0"
   changes:
+    - description: Add DLM policy. Add owner.type to package manifest. Update format_version to 3.0.0
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/7848
     - description: Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI.
       type: enhancement
       link: https://github.com/elastic/integrations/pull/7789

packages/ti_recordedfuture/data_stream/threat/lifecycle.yml

@@ -0,0 +1 @@
+data_retention: "5d"

packages/ti_recordedfuture/elasticsearch/transform/latest_ioc/transform.yml

@@ -21,7 +21,8 @@ frequency: 30s
 sync:
   time:
     field: event.ingested
-    delay: 60s
+    # Updated to 120s because of refresh delay in Serverless. With default 60s, sometimes transform wouldn't process all documents.
+    delay: 120s
 retention_policy:
   time:
     field: event.ingested

packages/ti_recordedfuture/manifest.yml

@@ -3,7 +3,7 @@ title: Recorded Future
 version: "1.17.0"
 description: Ingest threat intelligence indicators from Recorded Future risk lists with Elastic Agent.
 type: integration
-format_version: 2.11.0
+format_version: 3.0.0
 categories: ["security", "threat_intel"]
 conditions:
   kibana:
@@ -26,3 +26,4 @@ policy_templates:
         description: "Load indicators from a CSV file"
 owner:
   github: elastic/security-external-integrations
+  type: elastic