
[Bug] Collect Events Outdated Sort Argument #3530

Closed
eric-forte-elastic opened this issue Mar 22, 2024 · 0 comments · Fixed by #3531
Labels: bug (Something isn't working), python (Internal python for the repository)

@eric-forte-elastic (Contributor)

Describe the bug
When running collect-events to capture data, the current search call specifies the sort order via field:order, which is not supported.
Current:

self.search(dsl, language='dsl', index=indexes, start_time=start_time, end_time='now', size=5000,
                              sort='@timestamp:asc')

Required:

results = self.search(dsl, language='dsl', index=indexes, start_time=start_time, end_time='now', size=5000,
                              sort=[{'@timestamp': {'order': 'asc'}}])

To Reproduce
Steps to reproduce the behavior:

  1. Use the collect-events command to attempt to collect data
endpoint-rules on  2356-fr-add-host-family-to-data-path [?] via  v3.8.10 (venv) on  eric.forte took 20s 
❯ python -m endpoint_rules es --cloud-id <cloud_id> collect-events --rta-name bitsadmin_execution <host_id>

[ENDPOINT RULES ASCII banner]

es_user: eric.forte
es_password: 
Press any key once detonation is complete ...
Press any key once detonation is complete ...
CLI Error (AssertionError): No events collected! Verify events are streaming and that the agent-hostname is correct

Expected behavior
When running collect-events, this is an example of correct output (where the events are collected):

endpoint-rules on  2356-fr-add-host-family-to-data-path [?] via  v3.8.10 (venv) on  eric.forte took 20s 
❯ python -m endpoint_rules es --cloud-id <cloud_id> collect-events --rta-name bitsadmin_execution <host_id>

[ENDPOINT RULES ASCII banner]

es_user: eric.forte
es_password: 
Press any key once detonation is complete ...
149 events saved to: /tmp/init_tmp/endpoint-rules/unit_tests/data/true_positives/bitsadmin_execution/windows/endpoint.ndjson
32 events saved to: /tmp/init_tmp/endpoint-rules/unit_tests/data/true_positives/bitsadmin_execution/windows/metricbeat.ndjson
2 events saved to: /tmp/init_tmp/endpoint-rules/unit_tests/data/true_positives/bitsadmin_execution/windows/filebeat.ndjson

Additional context
This is the result of a bug that was present in the 8.11 elasticsearch library and was patched in 8.12, which now enforces the correct order parameter instead of the prior behavior. In 8.11, one could make the call as it currently exists in detection-rules; however, the library would strip the faulty asc string parameter and replace it with the default ascending sort order when performing the query. Since the result was the same, the bug went unnoticed.
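To make the required shape explicit, here is an added example (my own code, not from detection-rules or elasticsearch-py) that rewrites the legacy 'field:order' string into the [{field: {'order': ...}}] form the issue calls for and refuses malformed specs instead of silently falling back to the default order; the function names and the request-body layout are assumptions.

```python
"""Added example, not code from detection-rules: build the sort clause in the
structured form this issue reports as required ([{field: {'order': ...}}]) and
reject the legacy 'field:order' string instead of passing it through."""
from typing import Any

VALID_ORDERS = {"asc", "desc"}


def normalize_sort(sort: Any) -> list[dict[str, dict[str, str]]]:
    """Return sort entries as [{field: {'order': 'asc'|'desc'}}, ...].

    A 'field:order' string (the unsupported form from this issue) or a bare
    'field' string is rewritten into the structured form; dicts are
    validated. Malformed specs raise rather than being silently replaced
    by the default order, which is how the bug stayed hidden on 8.11.
    """
    items = [sort] if isinstance(sort, (str, dict)) else list(sort)
    out: list[dict[str, dict[str, str]]] = []
    for item in items:
        if isinstance(item, dict):
            for field, opts in item.items():
                order = opts.get("order") if isinstance(opts, dict) else None
                if order not in VALID_ORDERS:
                    raise ValueError(f"bad sort options for {field!r}: {opts!r}")
            out.append(item)
        elif isinstance(item, str):
            field, _, order = item.partition(":")
            order = order or "asc"  # Elasticsearch's default when omitted
            if not field or order not in VALID_ORDERS:
                raise ValueError(f"unsupported sort spec: {item!r}")
            out.append({field: {"order": order}})
        else:
            raise TypeError(f"unsupported sort spec type: {type(item).__name__}")
    return out


def build_search_body(dsl: dict, sort: Any, size: int = 5000) -> dict:
    """Assemble the body a collect-events style search would send (constructed)."""
    return {"query": dsl, "size": size, "sort": normalize_sort(sort)}


def is_supported_sort(sort: Any) -> bool:
    """True only if `sort` is already in the structured list form ES 8.12 accepts."""
    try:
        return normalize_sort(sort) == sort
    except (ValueError, TypeError):
        return False
```

Wiring normalize_sort in front of the search call turns the silent 8.11 behavior into a hard error on 8.12-style misuse, so a wrong sort spec fails at the call site rather than as "No events collected!".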

@eric-forte-elastic eric-forte-elastic added bug Something isn't working python Internal python for the repository Area: DED labels Mar 22, 2024
@eric-forte-elastic eric-forte-elastic self-assigned this Mar 22, 2024
@eric-forte-elastic eric-forte-elastic linked a pull request Mar 22, 2024 that will close this issue