diff --git a/packages/ti_recordedfuture/changelog.yml b/packages/ti_recordedfuture/changelog.yml
index 89263a64b69..0d4babacefe 100644
--- a/packages/ti_recordedfuture/changelog.yml
+++ b/packages/ti_recordedfuture/changelog.yml
@@ -1,6 +1,9 @@
 # newer versions go on top
 - version: "1.16.0"
 changes:
+ - description: Add DLM policy. Add owner.type to package manifest. Update format_version to 3.0.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/7848
 - description: Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI.
 type: enhancement
 link: https://github.com/elastic/integrations/pull/7789
diff --git a/packages/ti_recordedfuture/data_stream/threat/lifecycle.yml b/packages/ti_recordedfuture/data_stream/threat/lifecycle.yml
new file mode 100644
index 00000000000..5a4af9095b7
--- /dev/null
+++ b/packages/ti_recordedfuture/data_stream/threat/lifecycle.yml
@@ -0,0 +1 @@
+data_retention: "5d"
diff --git a/packages/ti_recordedfuture/elasticsearch/transform/latest_ioc/transform.yml b/packages/ti_recordedfuture/elasticsearch/transform/latest_ioc/transform.yml
index 561a8e8e238..f8e79a85ec4 100644
--- a/packages/ti_recordedfuture/elasticsearch/transform/latest_ioc/transform.yml
+++ b/packages/ti_recordedfuture/elasticsearch/transform/latest_ioc/transform.yml
@@ -21,7 +21,8 @@ frequency: 30s
 sync:
 time:
 field: event.ingested
- delay: 60s
+ # Updated to 120s because of refresh delay in Serverless. With default 60s, sometimes transform wouldn't process all documents.
+ delay: 120s
 retention_policy:
 time:
 field: event.ingested
diff --git a/packages/ti_recordedfuture/manifest.yml b/packages/ti_recordedfuture/manifest.yml
index a4aa8131f26..9802aa24d15 100644
--- a/packages/ti_recordedfuture/manifest.yml
+++ b/packages/ti_recordedfuture/manifest.yml
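Review bot: In data_stream/threat/lifecycle.yml the `data_retention: "5d"` value carries no explanation, and it presumably limits how far back the latest_ioc transform could rebuild its destination index if the transform is ever reset or reinstalled. If the intent is that raw indicator documents are only needed until the transform has processed them, a comment above the key should say so, for example `# Source documents only feed the latest_ioc transform; keep this longer than the transform's sync delay and the longest expected collection gap.` Whether five days is enough depends on the transform's `retention_policy` maximum age and the feed's polling interval, neither of which is visible in this diff, so both are worth checking against this value.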
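Review bot: In latest_ioc/transform.yml the new `delay: 120s` is still a fixed estimate of refresh latency, and the added comment explains why it was raised but not what happens when a refresh takes longer. A continuous transform does not normally go back for documents that become searchable after their checkpoint window has closed, so the comment could read `# 120s covers the Serverless refresh delay; documents that become searchable later than this are skipped and their indicators may be missing from the latest_ioc index.` The hunk shows no change outside `sync`; if this package relies on `_meta.fleet_transform_version` to trigger reinstallation, confirm it is bumped so existing installs pick up the new delay. The transform definition starts and ends outside the hunk.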
@@ -3,7 +3,7 @@ title: Recorded Future
 version: "1.16.0"
 description: Ingest threat intelligence indicators from Recorded Future risk lists with Elastic Agent.
 type: integration
-format_version: 2.11.0
+format_version: 3.0.0
 categories: ["security", "threat_intel"]
 conditions:
 kibana:
@@ -26,3 +26,4 @@ policy_templates:
 description: "Load indicators from a CSV file"
 owner:
 github: elastic/security-external-integrations
+ type: elastic