How to find all SIEM rules where field "timestampOverride" is not equal to "event.ingested"?

Hey everyone
8.12.0

Trying to find SIEM detection rules where field "timestampOverride" is not equal to "event.ingested"

GET kbn:/api/alerting/rules/_find?search_fields=params.timestampOverride&search=event.ingested
is worked.

How to find all other rules where field "timestampOverride" is not equal to "event.ingested"?

The simple filter also works

GET kbn:/api/alerting/rules/_find?filter=alert.attributes.params.timestampOverride:event.ingested

But

GET kbn:/api/alerting/rules/_find?filter
 { "bool": 
    { "must_not": [
      { "term":
        {"params.timestampOverride": "event.ingested"}
      }
    ]
    }
 }

shows all rules (not filtered) as a JSON

Any ideas?