diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.test.ts b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.test.ts
index 209ec81168271..7dd0982cc58b5 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.test.ts
+++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.test.ts
@@ -89,7 +89,7 @@ describe('CreateDetectionRuleFromVulnerability', () => {
       } as Vulnerability;
       const currentTimestamp = new Date().toISOString();
 
-      const query = generateVulnerabilitiesRuleQuery(mockVulnerability);
+      const query = generateVulnerabilitiesRuleQuery(mockVulnerability, currentTimestamp);
       expect(query).toEqual(
         `vulnerability.id: "CVE-2024-00005" AND event.ingested >= "${currentTimestamp}"`
       );
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.ts b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.ts
index b723c60f9ee3d..804e89fad61d8 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.ts
+++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.ts
@@ -53,10 +53,11 @@ export const getVulnerabilityRuleName = (vulnerability: Vulnerability) => {
   });
 };
 
-export const generateVulnerabilitiesRuleQuery = (vulnerability: Vulnerability) => {
-  const currentTimestamp = new Date().toISOString();
-
-  return `vulnerability.id: "${vulnerability.id}" AND event.ingested >= "${currentTimestamp}"`;
+export const generateVulnerabilitiesRuleQuery = (
+  vulnerability: Vulnerability,
+  startTimestamp = new Date().toISOString()
+) => {
+  return `vulnerability.id: "${vulnerability.id}" AND event.ingested >= "${startTimestamp}"`;
 };
 
 const CSP_RULE_TAG = 'Cloud Security';