[ti_rapid7] Update format_version to 3.0.0

[kcreddy]

What does this PR do?

• Update format_version to 3.0.0
• Add owner.type: elastic to package manifest.
• Update indicator rules with predefined indices instead of all. i.e., with "auditbeat-*", "endgame-*", "filebeat-*", "logs-*", "packetbeat-*", "winlogbeat-*". These are the indices as per Prebuilt Indicator Match Rules installed by Elastic

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Related issues

• Relates [SEI] Integrations requiring manual testing for spec 3.0 #7814

Screenshots

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-09-26T13:29:45.248+0000

• Duration: 16 min 24 sec

Test stats 🧪

Test	Results
Failed	0
Passed	23
Skipped	0
Total	23

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (3/3)	💚
Files	100.0% (3/3)	💚
Classes	100.0% (3/3)	💚
Methods	88.372% (38/43)	❕
Lines	94.245% (868/921)	❕
Conditionals	100.0% (0/0)	💚

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[mrodm]

Please wait to merge this PR @kcreddy , merging this branch would publish this package as GA with spec v3 but this spec is not GA yet.

@andrewkroh could you check with your team in case there are more PRs updating format_version ? To try to avoid publishing more packages updating to format_version 3.0.0

We are checking how this validation is performed in elastic-package

Thanks!!

cc @jsoriano

[mrodm]

Please wait to merge this PR @kcreddy , merging this branch would publish this package as GA with spec v3 but this spec is not GA yet.

@andrewkroh could you check with your team in case there are more PRs updating format_version ? To try to avoid publishing more packages updating to format_version 3.0.0

We are checking how this validation is performed in elastic-package

Thanks!!

cc @jsoriano

@kcreddy you could proceed with this PR, just be aware that the spec v3 is not GA yet and there could be still changes in that version (e.g. more validation rules to be applied).

Just as a note, remember to add the capabilities if this package has some special requirement.

Sorry for the inconveniences

[kcreddy]

@kcreddy you could proceed with this PR, just be aware that the spec v3 is not GA yet and there could be still changes in that version (e.g. more validation rules to be applied).

Great, thanks for the confirmation!

Just as a note, remember to add the capabilities if this package has some special requirement.

I think as outlined in the meta issue for SEI packages, is to not specifically add capabilities

[elasticmachine]

Package ti_rapid7_threat_command - 1.10.0 containing this change is available at https://epr.elastic.co/search?package=ti_rapid7_threat_command

[elasticmachine]

Package ti_rapid7_threat_command - 1.10.0 containing this change is available at https://epr.elastic.co/search?package=ti_rapid7_threat_command

[elasticmachine]

Package ti_rapid7_threat_command - 1.10.0 containing this change is available at https://epr.elastic.co/search?package=ti_rapid7_threat_command