[FR] Updates to KQL Lib Parsing

[eric-forte-elastic]

Issues

Summary

This appears to be a simple bug in the parsing for KQL lib. However, prior to merging I want to more exhaustively test the implications of the fix. If this testing is successful, I see no issue with merging the proposed fix.

Contributor checklist

• Have you signed the contributor license agreement?
• Have you followed the contributor guidelines?

[eric-forte-elastic]

Testing results from test-cli and test-remote-cli attached, all appears successful. Note, you may need to test using Makefile from https://github.com/elastic/detection-rules/pull/4751 to avoid testing hunting as well to duplicate these results.

Commands: make test-cli > make_test_cli.txt make test-remote-cli > make_test_remote_cli.txt

Results: make_test_remote_cli.txt make_test_cli.txt