diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/non_ecs_fields.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/non_ecs_fields.ts
index 1065538ec09c8b..3970bbec686775 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/non_ecs_fields.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/non_ecs_fields.ts
@@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
   };
 
   // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/154277
-  describe.skip('Non ECS fields in alert document source', () => {
+  describe('Non ECS fields in alert document source', () => {
     before(async () => {
       await esArchiver.load(
         'x-pack/test/functional/es_archives/security_solution/ecs_non_compliant'
@@ -232,7 +232,7 @@ export default ({ getService }: FtrProviderContext) => {
       // invalid ECS field is getting removed
       expect(alertSource).toHaveProperty('threat.enrichments', []);
 
-      expect(alertSource).toHaveProperty('threat.indicator.port', 443);
+      expect(alertSource).toHaveProperty(['threat', 'indicator.port'], 443);
     });
 
     // source client.bytes is text, ECS mapping for client.bytes is long
@@ -271,8 +271,8 @@ export default ({ getService }: FtrProviderContext) => {
 
       const { errors } = await indexAndCreatePreviewAlert(document);
 
-      expect(errors).toContain(
-        'Bulk Indexing of signals failed: failed to parse field [client.geo.location] of type [geo_point]'
+      expect(errors[0]).toContain(
+        'Bulk Indexing of signals failed: [1:1193] failed to parse field [client.geo.location] of type [geo_point]'
       );
     });