fix null query filter conversion from sigma to query string query

Signed-off-by: Surya Sashank Nistala <[email protected]>

Author: eirsep

src/main/java/org/opensearch/securityanalytics/rules/backend/OSQueryBackend.java

@@ -131,7 +131,7 @@ public OSQueryBackend(Map<String, String> fieldMappings, boolean collectErrors,
         this.reEscapeChar = "\\";
         this.reExpression = "%s: /%s/";
         this.cidrExpression = "%s: \"%s\"";
-        this.fieldNullExpression = "%s: null";
+        this.fieldNullExpression = "%s: (NOT [* TO *])";
         this.unboundValueStrExpression = "%s: \"%s\"";
         this.unboundValueNumExpression = "%s: %s";
         this.unboundWildcardExpression = "%s: %s";