diff --git a/appsec/tests/helper/client_test.cpp b/appsec/tests/helper/client_test.cpp
index d151635c19..ec83974b27 100644
--- a/appsec/tests/helper/client_test.cpp
+++ b/appsec/tests/helper/client_test.cpp
@@ -1790,7 +1790,6 @@ TEST(ClientTest, RequestInitWithFingerprint)
         network::request_init::request msg;
 
         msg.data = parameter::map();
-        msg.data.add("http.client_ip", parameter::string("192.168.1.1"sv));
 
         // Endpoint Fingerprint inputs
         auto query = parameter::map();
@@ -1822,7 +1821,7 @@ TEST(ClientTest, RequestInitWithFingerprint)
         EXPECT_TRUE(c.run_request());
         auto msg_res =
             dynamic_cast<network::request_init::response *>(res.get());
-        EXPECT_STREQ(msg_res->actions[0].verdict.c_str(), "block");
+        EXPECT_STREQ(msg_res->actions[0].verdict.c_str(), "record");
     }
 
     // Request Shutdown
@@ -1845,21 +1844,17 @@ TEST(ClientTest, RequestInitWithFingerprint)
         EXPECT_STREQ(msg_res->actions[0].verdict.c_str(), "ok");
         EXPECT_EQ(msg_res->triggers.size(), 0);
 
-        EXPECT_TRUE(std::regex_match(
-            msg_res->meta["_dd.appsec.fp.http.endpoint"].c_str(),
-            std::regex("http-get(-[A-Za-z0-9]*){3}")));
+        EXPECT_THAT(msg_res->meta["_dd.appsec.fp.http.endpoint"].c_str(),
+            MatchesRegex("http-get(-[A-Za-z0-9]*){3}"));
 
-        EXPECT_TRUE(std::regex_match(
-            msg_res->meta["_dd.appsec.fp.http.network"].c_str(),
-            std::regex("net-[0-9]*-[a-zA-Z0-9]*")));
+        EXPECT_THAT(msg_res->meta["_dd.appsec.fp.http.network"].c_str(),
+            MatchesRegex("net-[0-9]*-[a-zA-Z0-9]*"));
 
-        EXPECT_TRUE(
-            std::regex_match(msg_res->meta["_dd.appsec.fp.http.header"].c_str(),
-                std::regex("hdr(-[0-9]*-[a-zA-Z0-9]*){2}")));
+        EXPECT_THAT(msg_res->meta["_dd.appsec.fp.http.header"].c_str(),
+            MatchesRegex("hdr(-[0-9]*-[a-zA-Z0-9]*){2}"));
 
-        EXPECT_TRUE(
-            std::regex_match(msg_res->meta["_dd.appsec.fp.session"].c_str(),
-                std::regex("ssn(-[a-zA-Z0-9]*){4}")));
+        EXPECT_THAT(msg_res->meta["_dd.appsec.fp.session"].c_str(),
+            MatchesRegex("ssn(-[a-zA-Z0-9]*){4}"));
     }
 }
 
@@ -1877,7 +1872,6 @@ TEST(ClientTest, RequestExecWithFingerprint)
     {
         network::request_exec::request msg;
         msg.data = parameter::map();
-        msg.data.add("http.client_ip", parameter::string("192.168.1.1"sv));
 
         // Endpoint Fingerprint inputs
         auto query = parameter::map();
@@ -1909,7 +1903,7 @@ TEST(ClientTest, RequestExecWithFingerprint)
         EXPECT_TRUE(c.run_request());
         auto msg_res =
             dynamic_cast<network::request_exec::response *>(res.get());
-        EXPECT_STREQ(msg_res->actions[0].verdict.c_str(), "block");
+        EXPECT_STREQ(msg_res->actions[0].verdict.c_str(), "record");
     }
 
     // Request Shutdown
@@ -1931,21 +1925,17 @@ TEST(ClientTest, RequestExecWithFingerprint)
             dynamic_cast<network::request_shutdown::response *>(res.get());
         EXPECT_STREQ(msg_res->actions[0].verdict.c_str(), "ok");
 
-        EXPECT_TRUE(std::regex_match(
-            msg_res->meta["_dd.appsec.fp.http.endpoint"].c_str(),
-            std::regex("http-get(-[A-Za-z0-9]*){3}")));
+        EXPECT_THAT(msg_res->meta["_dd.appsec.fp.http.endpoint"].c_str(),
+            MatchesRegex("http-get(-[A-Za-z0-9]*){3}"));
 
-        EXPECT_TRUE(std::regex_match(
-            msg_res->meta["_dd.appsec.fp.http.network"].c_str(),
-            std::regex("net-[0-9]*-[a-zA-Z0-9]*")));
+        EXPECT_THAT(msg_res->meta["_dd.appsec.fp.http.network"].c_str(),
+            MatchesRegex("net-[0-9]*-[a-zA-Z0-9]*"));
 
-        EXPECT_TRUE(
-            std::regex_match(msg_res->meta["_dd.appsec.fp.http.header"].c_str(),
-                std::regex("hdr(-[0-9]*-[a-zA-Z0-9]*){2}")));
+        EXPECT_THAT(msg_res->meta["_dd.appsec.fp.http.header"].c_str(),
+            MatchesRegex("hdr(-[0-9]*-[a-zA-Z0-9]*){2}"));
 
-        EXPECT_TRUE(
-            std::regex_match(msg_res->meta["_dd.appsec.fp.session"].c_str(),
-                std::regex("ssn(-[a-zA-Z0-9]*){4}")));
+        EXPECT_THAT(msg_res->meta["_dd.appsec.fp.session"].c_str(),
+            MatchesRegex("ssn(-[a-zA-Z0-9]*){4}"));
     }
 }
 
@@ -1964,7 +1954,6 @@ TEST(ClientTest, RequestShutdownWithFingerprint)
         network::request_shutdown::request msg;
 
         msg.data = parameter::map();
-        msg.data.add("http.client_ip", parameter::string("192.168.1.1"sv));
 
         // Endpoint Fingerprint inputs
         auto query = parameter::map();
@@ -1996,23 +1985,19 @@ TEST(ClientTest, RequestShutdownWithFingerprint)
         EXPECT_TRUE(c.run_request());
         auto msg_res =
             dynamic_cast<network::request_shutdown::response *>(res.get());
-        EXPECT_STREQ(msg_res->actions[0].verdict.c_str(), "block");
+        EXPECT_STREQ(msg_res->actions[0].verdict.c_str(), "record");
 
-        EXPECT_TRUE(std::regex_match(
-            msg_res->meta["_dd.appsec.fp.http.endpoint"].c_str(),
-            std::regex("http-get(-[A-Za-z0-9]*){3}")));
+        EXPECT_THAT(msg_res->meta["_dd.appsec.fp.http.endpoint"].c_str(),
+            MatchesRegex("http-get(-[A-Za-z0-9]*){3}"));
 
-        EXPECT_TRUE(std::regex_match(
-            msg_res->meta["_dd.appsec.fp.http.network"].c_str(),
-            std::regex("net-[0-9]*-[a-zA-Z0-9]*")));
+        EXPECT_THAT(msg_res->meta["_dd.appsec.fp.http.network"].c_str(),
+            MatchesRegex("net-[0-9]*-[a-zA-Z0-9]*"));
 
-        EXPECT_TRUE(
-            std::regex_match(msg_res->meta["_dd.appsec.fp.http.header"].c_str(),
-                std::regex("hdr(-[0-9]*-[a-zA-Z0-9]*){2}")));
+        EXPECT_THAT(msg_res->meta["_dd.appsec.fp.http.header"].c_str(),
+            MatchesRegex("hdr(-[0-9]*-[a-zA-Z0-9]*){2}"));
 
-        EXPECT_TRUE(
-            std::regex_match(msg_res->meta["_dd.appsec.fp.session"].c_str(),
-                std::regex("ssn(-[a-zA-Z0-9]*){4}")));
+        EXPECT_THAT(msg_res->meta["_dd.appsec.fp.session"].c_str(),
+            MatchesRegex("ssn(-[a-zA-Z0-9]*){4}"));
     }
 }
 
diff --git a/appsec/tests/helper/common.hpp b/appsec/tests/helper/common.hpp
index 0a27bc7269..6fbde24eab 100644
--- a/appsec/tests/helper/common.hpp
+++ b/appsec/tests/helper/common.hpp
@@ -21,6 +21,7 @@ using ::testing::ByRef;
 using ::testing::DoAll;
 using ::testing::ElementsAre;
 using ::testing::Invoke;
+using ::testing::MatchesRegex;
 using ::testing::Return;
 using ::testing::SaveArg;
 using ::testing::SetArgPointee;
diff --git a/appsec/tests/helper/main.cpp b/appsec/tests/helper/main.cpp
index 3bc5ba5eb6..1129f6b782 100644
--- a/appsec/tests/helper/main.cpp
+++ b/appsec/tests/helper/main.cpp
@@ -11,8 +11,7 @@
 
 std::string create_sample_rules_ok()
 {
-    const static char data[] =
-        R"({
+    const static char data[] = R"({
   "version": "2.1",
   "metadata": {
     "rules_version": "1.2.3"
@@ -20,7 +19,7 @@ std::string create_sample_rules_ok()
   "rules": [
     {
       "id": "blk-001-001",
-      "name": "BlockIPAddresses",
+      "name": "Block IP Addresses",
       "tags": {
         "type": "block_ip",
         "category": "security_response"
@@ -47,7 +46,7 @@ std::string create_sample_rules_ok()
     },
     {
       "id": "blk-001-002",
-      "name": "BlockIPAddresseswithallactions",
+      "name": "Block IP Addresses with all actions",
       "tags": {
         "type": "block_ip",
         "category": "security_response"
@@ -77,7 +76,7 @@ std::string create_sample_rules_ok()
     },
     {
       "id": "crs-913-110",
-      "name": "FoundrequestheaderassociatedwithAcunetixsecurityscanner",
+      "name": "Found request header associated with Acunetix security scanner",
       "tags": {
         "type": "security_scanner",
         "crs_id": "913110",
@@ -104,7 +103,7 @@ std::string create_sample_rules_ok()
     },
     {
       "id": "req_shutdown_rule",
-      "name": "Rulematchonresponsecode",
+      "name": "Rule match on response code",
       "tags": {
         "type": "req_shutdown_type",
         "crs_id": "none",
diff --git a/appsec/tests/helper/waf_test.cpp b/appsec/tests/helper/waf_test.cpp
index 102991dbd8..8be992ecf0 100644
--- a/appsec/tests/helper/waf_test.cpp
+++ b/appsec/tests/helper/waf_test.cpp
@@ -404,17 +404,17 @@ TEST(WafTest, FingerprintAreAdded)
 
     ctx->get_meta_and_metrics(meta, metrics);
     EXPECT_FALSE(meta.empty());
-    EXPECT_TRUE(std::regex_match(meta["_dd.appsec.fp.http.endpoint"].c_str(),
-        std::regex("http-get(-[A-Za-z0-9]*){3}")));
+    EXPECT_THAT(meta["_dd.appsec.fp.http.endpoint"].c_str(),
+        MatchesRegex("http-get(-[A-Za-z0-9]*){3}"));
 
-    EXPECT_TRUE(std::regex_match(meta["_dd.appsec.fp.http.network"].c_str(),
-        std::regex("net-[0-9]*-[a-zA-Z0-9]*")));
+    EXPECT_THAT(meta["_dd.appsec.fp.http.network"].c_str(),
+        MatchesRegex("net-[0-9]*-[a-zA-Z0-9]*"));
 
-    EXPECT_TRUE(std::regex_match(meta["_dd.appsec.fp.http.header"].c_str(),
-        std::regex("hdr(-[0-9]*-[a-zA-Z0-9]*){2}")));
+    EXPECT_THAT(meta["_dd.appsec.fp.http.header"].c_str(),
+        MatchesRegex("hdr(-[0-9]*-[a-zA-Z0-9]*){2}"));
 
-    EXPECT_TRUE(std::regex_match(meta["_dd.appsec.fp.session"].c_str(),
-        std::regex("ssn(-[a-zA-Z0-9]*){4}")));
+    EXPECT_THAT(meta["_dd.appsec.fp.session"].c_str(),
+        MatchesRegex("ssn(-[a-zA-Z0-9]*){4}"));
 }
 
 TEST(WafTest, ActionsAreSentAndParsed)