diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.test.ts
index d5d75682455c2..88dc7e9849102 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.test.ts
@@ -80,7 +80,7 @@ describe('create_signals', () => {
     });
   });
 
-  test('it builds a now-5m up to today filter with timestsampOverride', () => {
+  test('it builds a now-5m up to today filter with timestampOverride', () => {
     const query = buildEventsSearchQuery({
       index: ['auditbeat-*'],
       from: 'now-5m',
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts
index 337429b6d9796..86fb51e4785ad 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts
@@ -152,11 +152,7 @@ export const buildEventsSearchQuery = ({
     },
   };
 
-  if (
-    searchAfterSortIds != null &&
-    !isEmpty(searchAfterSortIds) &&
-    searchAfterSortIds.filter((sortId) => !isEmpty(sortId?.toString())).length > 0
-  ) {
+  if (searchAfterSortIds != null && !isEmpty(searchAfterSortIds)) {
     return {
       ...searchQuery,
       body: {
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
index 8debf53e53115..33eaa5431c7d8 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
@@ -848,10 +848,6 @@ export const isThreatParams = (params: RuleParams): params is ThreatRuleParams =
 export const isMachineLearningParams = (params: RuleParams): params is MachineLearningRuleParams =>
   params.type === 'machine_learning';
 
-export const hasSafeSortIds = (sortIds: SortResults) => {
-  return sortIds?.every((sortId) => sortId != null && sortId < Number.MAX_SAFE_INTEGER);
-};
-
 /**
  * Prevent javascript from returning Number.MAX_SAFE_INTEGER when Elasticsearch expects
  * Java's Long.MAX_VALUE. This happens when sorting fields by date which are
@@ -865,7 +861,9 @@ export const hasSafeSortIds = (sortIds: SortResults) => {
  */
 export const getSafeSortIds = (sortIds: SortResults | undefined) => {
   return sortIds?.map((sortId) => {
-    if (sortId != null && sortId >= Number.MAX_SAFE_INTEGER) {
+    // haven't determined when we would receive a null value for a sort id
+    // but in case we do, default to sending the stringified Java max_int
+    if (sortId == null || sortId >= Number.MAX_SAFE_INTEGER) {
       return '9223372036854775807';
     }
     return sortId;
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts
index 1c7381f17fb66..b5cdb6d1b42b4 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts
@@ -845,7 +845,6 @@ export default ({ getService }: FtrProviderContext) => {
         const signals = signalsResponse.hits.hits.map((hit) => hit._source);
 
         expect(signals.length).equal(200);
-        await deleteSignalsIndex(supertest);
       });
     });