address pr comments

Author: efd6

packages/carbon_black_cloud/changelog.yml

@@ -4,6 +4,11 @@
     - description: Fix handling mapping of process lineage for `endpoint.event.procstart` events.
       type: bugfix
       link: https://github.com/elastic/integrations/pull/15772
+    - description: >-
+        Process identity fields are changed for `endpoint.event.procstart` events, with the lineage
+        shifted to be process, parent and grand parent, instead of child, process and parent.
+      type: breaking-change
+      link: https://github.com/elastic/integrations/pull/15772
 - version: "3.2.1"
   changes:
     - description: Add temporary processor to remove the fields added by the Agentless policy.

packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml

@@ -294,7 +294,7 @@ processors:
       if: ctx.json?.type != null && ctx.json.type != 'endpoint.event.procstart'
       ignore_missing_pipeline: true
   - pipeline:
-      tag: pipeline_process_non_procstart
+      tag: pipeline_process_procstart
       name: '{{ IngestPipeline "process_procstart" }}'
       if: ctx.json?.type == 'endpoint.event.procstart'
       ignore_missing_pipeline: true