diff --git a/tests/exception-policy-simulated-flow-memcap/test.rules b/tests/exception-policy-simulated-flow-memcap/test.rules
index b9d1df2fb..97d3761b9 100644
--- a/tests/exception-policy-simulated-flow-memcap/test.rules
+++ b/tests/exception-policy-simulated-flow-memcap/test.rules
@@ -1 +1,3 @@
-alert tls any any -> any any (msg:"tls app-proto"; sid:1000001; rev:1;)
+# do not test alert for every tls, as there can be additional pseudo-packets
+# alert tls any any -> any any (msg:"tls app-proto"; sid:1000001; rev:1;)
+alert tls any any -> any any (msg:"Stamus TLS"; tls_cert_issuer; content:"O=Stamus"; sid:1; rev:1;)
diff --git a/tests/exception-policy-simulated-flow-memcap/test.yaml b/tests/exception-policy-simulated-flow-memcap/test.yaml
index 11632c687..f3fce2ae5 100644
--- a/tests/exception-policy-simulated-flow-memcap/test.yaml
+++ b/tests/exception-policy-simulated-flow-memcap/test.yaml
@@ -12,10 +12,6 @@ args:
 - --set flow.memcap-policy=drop-flow
 checks:
- - filter:
- count: 97
- match:
- event_type: alert
 - filter:
 count: 1
 match:
@@ -30,3 +26,8 @@ checks:
 match:
 event_type: stats
 stats.tcp.midstream_pickups: 1
+ - filter:
+ count: 4
+ match:
+ event_type: alert
+ alert.signature_id: 1
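Review bot: The replacement rule in test.rules keeps the old `tls app-proto` signature as a commented-out line, and the new comment explains only why that rule was dropped, not what the issuer match is meant to prove. Because `tls_cert_issuer; content:"O=Stamus"` can fire only once a certificate issuer has been parsed, the test no longer alerts on TLS traffic that carries no certificate; that looks intended but is worth stating. I would drop the dead rule and write `# match on the certificate issuer only, so the alert count does not depend on pseudo-packets`. If the test's minimum Suricata version allows it, `tls.cert_issuer` is the current name of this sticky buffer.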
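Review bot: The `count: 4` check added at the end of `checks:` in test.yaml is a bare number, with nothing saying which packets or flows in the capture produce the four sid 1 alerts. When the count changes later, a maintainer cannot tell a regression in the drop-flow exception policy from an expected shift. A short comment above the filter would do, for example `# sid 1 fires once per certificate with O=Stamus seen before the simulated memcap drops the flow`; that wording needs confirming against the pcap, which is not visible here. The `checks:` list starts outside this hunk.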