diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/filter_events_with_list.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/filter_events_with_list.ts
index 654ace290f85fe..ea52aecb379faf 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/filter_events_with_list.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/filter_events_with_list.ts
@@ -32,6 +32,7 @@ export const filterEventsAgainstList = async ({
   buildRuleMessage,
 }: FilterEventsAgainstList): Promise<SignalSearchResponse> => {
   try {
+    logger.debug(buildRuleMessage(`exceptionsList: ${JSON.stringify(exceptionsList, null, 2)}`));
     if (exceptionsList == null || exceptionsList.length === 0) {
       logger.debug(buildRuleMessage('about to return original search result'));
       return eventSearchResult;
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts
index cd6beb9c68ab2c..2a0e39cbbf237f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts
@@ -91,7 +91,7 @@ export const searchAfterAndBulkCreate = async ({
   };
 
   let sortId; // tells us where to start our next search_after query
-  let signalsCreatedCount = 0;
+  let searchResultSize = 0;
 
   /*
     The purpose of `maxResults` is to ensure we do not perform
@@ -127,8 +127,8 @@ export const searchAfterAndBulkCreate = async ({
       toReturn.success = false;
       return toReturn;
     }
-    signalsCreatedCount = 0;
-    while (signalsCreatedCount < tuple.maxSignals) {
+    searchResultSize = 0;
+    while (searchResultSize < tuple.maxSignals) {
       try {
         logger.debug(buildRuleMessage(`sortIds: ${sortId}`));
         const {
@@ -167,6 +167,7 @@ export const searchAfterAndBulkCreate = async ({
                 searchResult.hits.hits[searchResult.hits.hits.length - 1]?._source['@timestamp']
               )
             : null;
+        searchResultSize += searchResult.hits.hits.length;
 
         // filter out the search results that match with the values found in the list.
         // the resulting set are valid signals that are not on the allowlist.
@@ -186,14 +187,6 @@ export const searchAfterAndBulkCreate = async ({
           break;
         }
 
-        // make sure we are not going to create more signals than maxSignals allows
-        if (signalsCreatedCount + filteredEvents.hits.hits.length > tuple.maxSignals) {
-          filteredEvents.hits.hits = filteredEvents.hits.hits.slice(
-            0,
-            tuple.maxSignals - signalsCreatedCount
-          );
-        }
-
         const {
           bulkCreateDuration: bulkDuration,
           createdItemsCount: createdCount,
@@ -218,7 +211,6 @@ export const searchAfterAndBulkCreate = async ({
         });
         logger.debug(buildRuleMessage(`created ${createdCount} signals`));
         toReturn.createdSignalsCount += createdCount;
-        signalsCreatedCount += createdCount;
         if (bulkDuration) {
           toReturn.bulkCreateTimes.push(bulkDuration);
         }