[Security Solution] Improve regexes processing KQL (#194215)

## Summary

See linked ticket

(cherry picked from commit 6d8f85e)

x-pack/plugins/security_solution/public/common/components/ml/conditional_links/remove_kql_variables.ts

@@ -13,7 +13,7 @@ export const operators = ['and', 'or', 'not'];
 
 export const removeKqlVariablesUsingRegex = (expression: string) => {
   const myRegexp =
-    /(\s+)*(and|or|not){0,1}(\s+)*([\w\.\-\[\]]+)\s*:\s*"(\$[\w\.\-\(\)\[\]]+\$)"(\s+)*(and|or|not){0,1}(\s+)*/g;
+    /(\s*)(and|or|not){0,1}(\s*)([\w\.\-\[\]]+)\s*:\s*"(\$[\w\.\-\(\)\[\]]+\$)"(\s*)(and|or|not){0,1}(\s*)/g;
   return expression.replace(myRegexp, replacer);
 };
 

x-pack/plugins/security_solution/public/common/components/ml/conditional_links/replace_kql_commas_with_or.ts

@@ -22,7 +22,7 @@ export const replacement = (match: string, p1: string, p2: string) => {
 };
 
 export const replaceKqlCommasWithOrUsingRegex = (expression: string) => {
-  const myRegexp = /([\w\.\-\[\]]+)\s*:\s*"(([\w\.\-\(\)\[\]]+,[\w\.\-\(\)\[\]]+){1,})"/g;
+  const myRegexp = /([\w\.\-\[\]]+)\s*:\s*"(([\w\.\-\(\)\[\]]+)(,[\w\.\-\(\)\[\]]+){1,})"/g;
   return expression.replace(myRegexp, replacement);
 };