
[Security Solution] webhook action can send an invalid JSON payload when combined with mustache #88893

Closed
LouDeter opened this issue Jan 20, 2021 · 3 comments
Labels
bug Fixes for quality problems that affect the customer experience Feature:Alerting fixed impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

LouDeter commented Jan 20, 2021

Describe the bug:
We can use webhook, in the action section of a detection rule to send a JSON to another service. In the body of the action we can use mustache to render some context information like the query that matched some logs and generated the alert.
If the query contains a \, for example CommandLine:*process\ call*, then mustache will render the variable "as is", but it creates an invalid JSON.

Kibana/Elasticsearch Stack version:
v 7.10.0

Server OS version:
Debian GNU/Linux 9 (stretch)

Browser and Browser OS versions:
Firefox 84.0.2 (64 bits)

Elastic Endpoint version:
N/A

Original install method (e.g. download page, yum, from source, etc.):
deb package

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):
SIEM/detection rule

Steps to reproduce:

  1. Create a webhook that will be listened to by netcat
  2. Create a new detection rule from app/security/detections/rules/create
  3. Use the search CommandLine:*process\ call* and fill other fields with any value
  4. In the Action tab, select the created webhook and fill the following body {"description": "{{context.rule.query}}"}
  5. Have a document that matches the alert like {"CommandLine": "wmic process call create cmd"}
  6. Go to your netcat listener and see the request sent:
POST /api/alert HTTP/1.1
Accept: application/json, text/plain, */*
Content-Type: application/json
User-Agent: axios/0.19.2
Content-Length: 725
Host: <removed>:9000
Connection: close

{
"description": "CommandLine:*process\ call*"
}
  7. Consider that the logic is right but the JSON is malformed because in a JSON string, spaces can't be escaped https://www.json.org/img/string.png
  8. Try to parse the JSON with any JSON parser and it will fail

Current behavior:
Sends an invalid JSON document

Expected behavior:
Results of Mustache should be "JSON dumped"

Screenshots (if relevant):

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Any additional context (logs, chat logs, magical formulas, etc.):
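Added example (not Kibana's code, nor the reporter's): a minimal stand-in for mustache's {{path}} lookup shows how inserting the rule query "as is" produces a body that JSON.parse rejects, and how JSON-encoding each value before substitution (which also covers quotes, newlines and other control characters) yields a body that round-trips to the original query. The renderer functions and the constructed context are assumptions for illustration.

```javascript
// Resolve a dotted path such as "context.rule.query" against a context object.
function lookup(context, path) {
  return path.split('.').reduce((obj, key) => (obj == null ? undefined : obj[key]), context);
}

// Naive rendering: the variable is inserted "as is", the behaviour described in the report.
function renderRaw(template, context) {
  return template.replace(/\{\{\s*([\w.]+)\s*\}\}/g, (_, path) => {
    const value = lookup(context, path);
    return value === undefined ? '' : String(value);
  });
}

// Hardened rendering: JSON-encode each value, then strip the surrounding quotes
// so the result slots into an existing "..." string literal in the body template.
function renderJsonEscaped(template, context) {
  return template.replace(/\{\{\s*([\w.]+)\s*\}\}/g, (_, path) => {
    const value = lookup(context, path);
    if (value === undefined) return '';
    return JSON.stringify(String(value)).slice(1, -1);
  });
}

// Returns the parsed body, or null when the rendered body is not valid JSON.
function tryParseBody(body) {
  try {
    return JSON.parse(body);
  } catch (_) {
    return null;
  }
}

// Constructed context mirroring the report: the rule query contains a backslash-escaped space.
const context = { context: { rule: { query: 'CommandLine:*process\\ call*' } } };
const bodyTemplate = '{"description": "{{context.rule.query}}"}';

const rawBody = renderRaw(bodyTemplate, context);
const escapedBody = renderJsonEscaped(bodyTemplate, context);

console.log('raw body:     ', rawBody, '-> parses:', tryParseBody(rawBody) !== null);
console.log('escaped body: ', escapedBody, '-> parses:', tryParseBody(escapedBody) !== null);
console.log('round-trips:  ', tryParseBody(escapedBody).description === context.context.rule.query);
```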

@LouDeter LouDeter added Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. bug Fixes for quality problems that affect the customer experience labels Jan 20, 2021
@MadameSheema MadameSheema added Team:Detections and Resp Security Detection Response Team impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. labels Jan 21, 2021
@MadameSheema
Member

@mikecote can you please take a look at this issue? Lots of thanks :)

@mikecote
Contributor

mikecote commented Feb 3, 2021

cc @elastic/kibana-alerting-services

@MadameSheema Thanks for the ping. @pmuellr, I believe you have encountered this in SDHs before, and a fix in 7.11 is merged?

@pmuellr
Member

pmuellr commented Feb 4, 2021

Yes, this should be fixed in 7.11 via #83919
