[RAM] Fix filtering tags by special characters

x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/map_filters_to_kql.test.ts

@@ -123,4 +123,14 @@ describe('mapFiltersToKql', () => {
       'alert.attributes.tags:(a or b or c)',
     ]);
   });
+
+  test('should handle tags with special characters', () => {
+    expect(
+      mapFiltersToKql({
+        tagsFilter: ['a:b', 'b{c', 'c}d', 'd<f', 'f>e', '"ab', 'a\\b'],
+      })
+    ).toEqual([
+      'alert.attributes.tags:(a\\:b or b\\{c or c\\}d or d\\<f or f\\>e or \\"ab or a\\\\b)',
+    ]);
+  });
 });

x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/map_filters_to_kql.ts

@@ -65,7 +65,11 @@ export const mapFiltersToKql = ({
   }
 
   if (tagsFilter && tagsFilter.length) {
-    filters.push(`alert.attributes.tags:(${tagsFilter.join(' or ')})`);
+    filters.push(
+      `alert.attributes.tags:(${tagsFilter
+        .map((tag) => tag.replace(/([\)\(\<\>\}\{\"\:\\])/gm, '\\$&'))
+        .join(' or ')})`
+    );
   }
 
   return filters;

x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/alerts_list.ts

@@ -637,7 +637,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
       await assertRulesLength(4);
     });
 
-    it('should filter alerts by the tag', async () => {
+    it('should filter rules by the tag', async () => {
       await createAlert({
         supertest,
         objectRemover,
@@ -701,6 +701,47 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
       await assertRulesLength(2);
     });
 
+    it('should filter rules by tags with special characters', async () => {
+      await createAlert({
+        supertest,
+        objectRemover,
+        overwrites: {
+          tags: ['a:b'],
+        },
+      });
+      await createAlert({
+        supertest,
+        objectRemover,
+        overwrites: {
+          tags: ['a<b'],
+        },
+      });
+      await createAlert({
+        supertest,
+        objectRemover,
+        overwrites: {
+          tags: ['a{b'],
+        },
+      });
+
+      await refreshAlertsList();
+      await testSubjects.click('ruleTagFilter');
+
+      await testSubjects.click('ruleTagFilterOption-a:b');
+      await find.waitForDeletedByCssSelector('.euiBasicTable-loading');
+      await assertRulesLength(1);
+
+      await testSubjects.click('ruleTagFilterOption-a:b');
+      await testSubjects.click('ruleTagFilterOption-a<b');
+      await find.waitForDeletedByCssSelector('.euiBasicTable-loading');
+      await assertRulesLength(1);
+
+      await testSubjects.click('ruleTagFilterOption-a<b');
+      await testSubjects.click('ruleTagFilterOption-a{b');
+      await find.waitForDeletedByCssSelector('.euiBasicTable-loading');
+      await assertRulesLength(1);
+    });
+
     it('should not prevent rules with action execution capabilities from being edited', async () => {
       const action = await createAction({ supertest, objectRemover });
       await createAlert({