From a332b2ed504ed4d687c71419d27a3006aaa7f819 Mon Sep 17 00:00:00 2001
From: eric-forte-elastic
Date: Fri, 22 Mar 2024 14:49:00 -0400
Subject: [PATCH] Update sort parameter
---
 detection_rules/eswrap.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/detection_rules/eswrap.py b/detection_rules/eswrap.py
index 77968723eca..b8a6d1ab64c 100644
--- a/detection_rules/eswrap.py
+++ b/detection_rules/eswrap.py
@@ -336,7 +336,7 @@ def _group_events_by_type(events):
 def run(self, dsl, indexes, start_time):
 """Collect the events."""
 results = self.search(dsl, language='dsl', index=indexes, start_time=start_time, end_time='now', size=5000,
- sort='@timestamp:asc')
+ sort=[{'@timestamp': {'order': 'asc'}}])
 events = self._group_events_by_type(results)
 return RtaEvents(events)
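Review bot: The new object-form sort on `@timestamp` in `run` carries no `unmapped_type`, so if any index in the caller-supplied `indexes` lacks a `@timestamp` mapping, Elasticsearch fails the sort on those shards and their events can be missing from the collected set. Now that the sort is a dict it can express this, e.g. `sort=[{'@timestamp': {'order': 'asc', 'unmapped_type': 'date'}}])`. Separately, `size=5000` on the preceding line combined with ascending order means that, unless `self.search` paginates (not visible here), hits beyond the first 5000 — the newest events — are dropped silently; a comment such as `# capped at 5000 hits, oldest first; later events are not returned` would make that limit explicit. The body of `self.search` lies outside the hunk, so how it forwards `sort` and `size` to the client should be confirmed.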