[Bug] KQL syntax error w/ Space between wildcard keywords

### Describe the Bug

```
event.dataset: "aws.cloudtrail"
    and user_agent.original: (*S3 Browser* or *Cyberduck*)
    and event.outcome: "success"
```

When running this query in Kibana, I get the intended results with no errors. 

<img width="3060" height="1294" alt="Image" src="https://github.com/user-attachments/assets/597f054e-8766-453f-bd3b-92bd4633af91" />

However, when I use this query in my detection rule, the space between `S3` and `Browser` throws an error with our unit tests.  I do not get the same error when I add a wildcard between the two `*S3*Browser*` but in production this will result in false positives so is not a viable solution. 

<img width="1223" height="793" alt="Image" src="https://github.com/user-attachments/assets/38d7b455-e28e-45fd-96ac-815843b01e2e" />



### To Reproduce

Run our unit tests against a KQL query with wildcards and a space between words. 

### Expected Behavior

I expect that this syntax be validated by our unit tests since it is valid in Kibana. 

### Additional Context
PR in question : 
- https://github.com/elastic/detection-rules/pull/5694


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] KQL syntax error w/ Space between wildcard keywords #5750

Describe the Bug

To Reproduce

Expected Behavior

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Bug] KQL syntax error w/ Space between wildcard keywords #5750

Description

Describe the Bug

To Reproduce

Expected Behavior

Additional Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions