diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts
index 75ae7652df962..1bdf089844746 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts
@@ -37,6 +37,9 @@ export default ({ getService }: FtrProviderContext) => {
   const es = getService('es');
   const log = getService('log');
   const kibanaServer = getService('kibanaServer');
+  const config = getService('config');
+  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+
   const { indexEnhancedDocuments, indexListOfDocuments, indexGeneratedDocuments } =
     dataGeneratorFactory({
       es,
@@ -49,7 +52,7 @@ export default ({ getService }: FtrProviderContext) => {
    */
   const internalIdPipe = (id: string) => `| where id=="${id}"`;
 
-  describe('@ess ES|QL rule type', () => {
+  describe('@ess @serverless ES|QL rule type', () => {
     before(async () => {
       await esArchiver.load('x-pack/test/functional/es_archives/security_solution/ecs_compliant');
     });
@@ -137,7 +140,7 @@ export default ({ getService }: FtrProviderContext) => {
         'kibana.alert.risk_score': 55,
         'kibana.alert.rule.actions': [],
         'kibana.alert.rule.author': [],
-        'kibana.alert.rule.created_by': 'elastic',
+        'kibana.alert.rule.created_by': ELASTICSEARCH_USERNAME,
         'kibana.alert.rule.description': 'Detecting root and admin users',
         'kibana.alert.rule.enabled': true,
         'kibana.alert.rule.exceptions_list': [],
@@ -154,7 +157,7 @@ export default ({ getService }: FtrProviderContext) => {
         'kibana.alert.rule.threat': [],
         'kibana.alert.rule.to': 'now',
         'kibana.alert.rule.type': 'esql',
-        'kibana.alert.rule.updated_by': 'elastic',
+        'kibana.alert.rule.updated_by': ELASTICSEARCH_USERNAME,
         'kibana.alert.rule.version': 1,
         'kibana.alert.workflow_tags': [],
         'kibana.alert.workflow_assignee_ids': [],
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule_serverless.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule_serverless.cy.ts
deleted file mode 100644
index 95e95ca5e1439..0000000000000
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule_serverless.cy.ts
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { getEsqlRule } from '../../../../objects/rule';
-
-import { ESQL_TYPE, NEW_TERMS_TYPE, THRESHOLD_TYPE } from '../../../../screens/create_new_rule';
-
-import { login } from '../../../../tasks/login';
-import { visit } from '../../../../tasks/navigation';
-
-import { CREATE_RULE_URL } from '../../../../urls/navigation';
-import { createRule } from '../../../../tasks/api_calls/rules';
-
-describe('Detection ES|QL rules, creation', { tags: ['@serverless'] }, () => {
-  beforeEach(() => {
-    login();
-  });
-
-  it('should display ES|QL rule on form', function () {
-    visit(CREATE_RULE_URL);
-
-    // ensure, page is loaded and rule types are displayed
-    cy.get(NEW_TERMS_TYPE).should('be.visible');
-    cy.get(THRESHOLD_TYPE).should('be.visible');
-
-    cy.get(ESQL_TYPE).should('exist');
-  });
-
-  it('allow creation rule by API call', function () {
-    createRule(getEsqlRule()).then((response) => {
-      expect(response.status).to.equal(200);
-    });
-  });
-});
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/esql_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/esql_rule.cy.ts
index f4e10fa690fa6..54f78ba7ac383 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/esql_rule.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/esql_rule.cy.ts
@@ -24,7 +24,7 @@ import { visit } from '../../../../tasks/navigation';
 
 import { ruleDetailsUrl } from '../../../../urls/rule_details';
 
-describe('Detection ES|QL rules, details view', { tags: ['@ess'] }, () => {
+describe('Detection ES|QL rules, details view', { tags: ['@ess', '@serverless'] }, () => {
   const rule = getEsqlRule();
 
   beforeEach(() => {