diff --git a/tests/bug-4903/bug-4903-01/test.yaml b/tests/bug-4903/bug-4903-01/test.yaml
index 61ef84932..0c0b4e3f2 100644
--- a/tests/bug-4903/bug-4903-01/test.yaml
+++ b/tests/bug-4903/bug-4903-01/test.yaml
@@ -54,12 +54,8 @@ checks:
 - filter:
 count: 1
 match:
- dest_ip: 192.168.200.1
- dest_port: 22
 event_type: ssh
 proto: TCP
- src_ip: 192.168.100.1
- src_port: 10000
 ssh.server.proto_version: '1.99'
 ssh.server.software_version: Cisco_server-1.24
 - filter:
diff --git a/tests/bug-4903/bug-4903-02/test.yaml b/tests/bug-4903/bug-4903-02/test.yaml
index 562558f25..56e891d7f 100644
--- a/tests/bug-4903/bug-4903-02/test.yaml
+++ b/tests/bug-4903/bug-4903-02/test.yaml
@@ -54,12 +54,8 @@ checks:
 - filter:
 count: 1
 match:
- dest_ip: 192.168.200.1
- dest_port: 22
 event_type: ssh
 proto: TCP
- src_ip: 192.168.100.1
- src_port: 10001
 ssh.server.proto_version: '1.99'
 ssh.server.software_version: Cisco_server-1.24
 - filter:
diff --git a/tests/bug-4903/bug-4903-04/test.yaml b/tests/bug-4903/bug-4903-04/test.yaml
index 4ef142345..6d3b4cc35 100644
--- a/tests/bug-4903/bug-4903-04/test.yaml
+++ b/tests/bug-4903/bug-4903-04/test.yaml
@@ -60,13 +60,9 @@ checks:
 - filter:
 count: 1
 match:
- dest_ip: 192.168.200.1
- dest_port: 22
 event_type: ssh
 pcap_cnt: 6
 proto: TCP
- src_ip: 192.168.100.1
- src_port: 10003
 ssh.client.proto_version: '2.0'
 ssh.client.software_version: Cisco_client-1.25
 ssh.server.proto_version: '1.99'
diff --git a/tests/ftp/ftp-too-long-command/test.yaml b/tests/ftp/ftp-too-long-command/test.yaml
index 3336d8883..f1df7213d 100644
--- a/tests/ftp/ftp-too-long-command/test.yaml
+++ b/tests/ftp/ftp-too-long-command/test.yaml
@@ -34,3 +34,4 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 2232000
+ ftp.command: "RETR"
diff --git a/tests/krb5-kerberoasting/test.yaml b/tests/krb5-kerberoasting/test.yaml
index bd5ba8a3f..783640d4e 100644
--- a/tests/krb5-kerberoasting/test.yaml
+++ b/tests/krb5-kerberoasting/test.yaml
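Review bot: Dropping `dest_ip`, `dest_port`, `src_ip` and `src_port` from the `count: 1` match leaves the check keyed only on `event_type: ssh`, `proto: TCP` and the two server version strings, so it no longer pins the event to a specific flow; the same loosening appears in the bug-4903-02 and bug-4903-04 hunks. If the fix under test changed the flow tuple or its direction, asserting the new values (for example keeping `dest_port: 22` if it is unchanged and updating whichever address or port moved) preserves the regression coverage those fields gave. If the tuple genuinely is no longer deterministic for these pcaps, a one-line comment in the test saying so would stop a later reviewer from restoring the fields. The enclosing `checks` list continues outside the hunk.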
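Review bot: The added `ftp.command: "RETR"` uses double quotes, while the quoted scalars already present in these test files use single quotes (`'1.99'`, `'2.0'`), and the tftp hunk's `tftp.packet: "read"` does the same. Neither `RETR` nor `read` is an ambiguous YAML scalar, so `ftp.command: 'RETR'` (or plain `ftp.command: RETR`, as the krb5 hunk's `krb5.msg_type: KRB_TGS_REP` is written) would match the existing style without changing the value asserted. This is a point of style only.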
@@ -21,6 +21,7 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 1
+ krb5.msg_type: KRB_TGS_REP
 - filter:
 count: 1
 match:
diff --git a/tests/output-eve-tftp-01/test.yaml b/tests/output-eve-tftp-01/test.yaml
index b83cefc3e..802379136 100644
--- a/tests/output-eve-tftp-01/test.yaml
+++ b/tests/output-eve-tftp-01/test.yaml
@@ -15,3 +15,9 @@ checks:
 count: 1
 match:
 event_type: alert
+- filter:
+ min-version: 7
+ count: 1
+ match:
+ event_type: alert
+ tftp.packet: "read"