From 6bf3a82f512a87bfb46c523b006e7361fc3b0b20 Mon Sep 17 00:00:00 2001
From: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>
Date: Mon, 25 Mar 2024 11:46:30 -0400
Subject: [PATCH] Update sort parameter (#3531)

(cherry picked from commit 350378615434338b9528c11f6bd44fb6f95270f4)
---
 detection_rules/eswrap.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/detection_rules/eswrap.py b/detection_rules/eswrap.py
index 77968723e..b8a6d1ab6 100644
--- a/detection_rules/eswrap.py
+++ b/detection_rules/eswrap.py
@@ -336,7 +336,7 @@ class CollectRtaEvents(CollectEvents):
     def run(self, dsl, indexes, start_time):
         """Collect the events."""
         results = self.search(dsl, language='dsl', index=indexes, start_time=start_time, end_time='now', size=5000,
-                              sort='@timestamp:asc')
+                              sort=[{'@timestamp': {'order': 'asc'}}])
         events = self._group_events_by_type(results)
         return RtaEvents(events)
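Review bot: The call still pins `size=5000` with an ascending `@timestamp` sort, so when a window matches more than 5000 events the newest ones are silently dropped and `_group_events_by_type` never sees them; `run` gives no indication of that, and its one-line docstring does not mention the cap. I would at least document it, e.g. `"""Collect up to 5000 events in the window, oldest first; hits beyond the size limit are not returned."""`, and, if `self.search` exposes the total hit count (its body is outside this hunk, so I cannot confirm), log a warning when `len(results)` reaches the limit. The new list-of-dict `sort` form presumably reflects a changed contract on `self.search`; if other call sites still pass the `'field:order'` string, they will need the same update.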