diff --git a/tests/community-id-ipv4/test.yaml b/tests/community-id-ipv4/test.yaml
index 436478fd6..647d58375 100644
--- a/tests/community-id-ipv4/test.yaml
+++ b/tests/community-id-ipv4/test.yaml
@@ -9,7 +9,6 @@ checks:
 dest_ip: 172.217.14.206
 dest_port: 443
 event_type: tls
- pcap_cnt: 7
 proto: TCP
 src_ip: 172.26.0.39
 src_port: 35958
diff --git a/tests/community-id-ipv6/test.yaml b/tests/community-id-ipv6/test.yaml
index daf362242..96a056c62 100644
--- a/tests/community-id-ipv6/test.yaml
+++ b/tests/community-id-ipv6/test.yaml
@@ -9,7 +9,6 @@ checks:
 dest_ip: 2607:f8b0:400a:0800:0000:0000:0000:200e
 dest_port: 443
 event_type: tls
- pcap_cnt: 41
 proto: TCP
 src_ip: 2600:1f13:00f8:d400:03a6:303c:e011:18eb
 src_port: 60202
@@ -22,7 +21,6 @@ checks:
 dest_ip: 2001:4860:4860:0000:0000:0000:0000:8888
 dest_port: 443
 event_type: tls
- pcap_cnt: 7
 proto: TCP
 src_ip: 2600:1f13:00f8:d400:03a6:303c:e011:18eb
 src_port: 33892
diff --git a/tests/exception-policy-simulated-flow-memcap/test.rules b/tests/exception-policy-simulated-flow-memcap/test.rules
index b9d1df2fb..97d3761b9 100644
--- a/tests/exception-policy-simulated-flow-memcap/test.rules
+++ b/tests/exception-policy-simulated-flow-memcap/test.rules
@@ -1 +1,3 @@
-alert tls any any -> any any (msg:"tls app-proto"; sid:1000001; rev:1;)
+# do not test alert for every tls, as there can be additional pseudo-packets
+# alert tls any any -> any any (msg:"tls app-proto"; sid:1000001; rev:1;)
+alert tls any any -> any any (msg:"Stamus TLS"; tls_cert_issuer; content:"O=Stamus"; sid:1; rev:1;)
diff --git a/tests/exception-policy-simulated-flow-memcap/test.yaml b/tests/exception-policy-simulated-flow-memcap/test.yaml
index 11632c687..f3fce2ae5 100644
--- a/tests/exception-policy-simulated-flow-memcap/test.yaml
+++ b/tests/exception-policy-simulated-flow-memcap/test.yaml
@@ -12,10 +12,6 @@ args:
 - --set flow.memcap-policy=drop-flow
 checks:
- - filter:
- count: 97
- match:
- event_type: alert
 - filter:
 count: 1
 match:
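Review bot: In the test.rules hunk the old catch-all rule is kept as a commented-out line, and the comment above it does not say what the replacement rule is meant to prove. I would drop the dead rule and state the intent instead, e.g. `# alert only on the O=Stamus certificate issuer; a catch-all tls rule also fires on pseudo-packets, so its count is not stable`. The new rule also uses `tls_cert_issuer`, the legacy spelling of `tls.cert_issuer`; if the test's minimum version (not visible in this diff) allows it, the current keyword is preferable.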
@@ -30,3 +26,8 @@ checks:
 match:
 event_type: stats
 stats.tcp.midstream_pickups: 1
+ - filter:
+ count: 4
+ match:
+ event_type: alert
+ alert.signature_id: 1
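Review bot: The added `count: 4` for `alert.signature_id: 1` is an unexplained exact number, and with the 97-alert check removed it is the only alert assertion visible for a run with `flow.memcap-policy=drop-flow`. A reader cannot tell whether 4 is every O=Stamus certificate in the pcap or only those seen before the flow is dropped, so the check may pass whether or not the policy took effect. I would add a comment above the filter such as `# sid 1: 4 alerts with drop-flow applied (<count without the policy> otherwise)`, with the placeholder filled in from a run without the policy. Other checks in the file lie outside the hunk and may already cover the drop itself.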