diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts
new file mode 100644
index 000000000000..177967377f37
--- /dev/null
+++ b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts
@@ -0,0 +1,52 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { JSON_LINES } from '../../screens/alerts_details';
+
+import {
+ expandFirstAlert,
+ waitForAlertsIndexToBeCreated,
+ waitForAlertsPanelToBeLoaded,
+} from '../../tasks/alerts';
+import { openJsonView, scrollJsonViewToBottom } from '../../tasks/alerts_details';
+import { createCustomRuleActivated } from '../../tasks/api_calls/rules';
+import { cleanKibana } from '../../tasks/common';
+import { esArchiverLoad } from '../../tasks/es_archiver';
+import { loginAndWaitForPageWithoutDateRange } from '../../tasks/login';
+
+import { unmappedRule } from '../../objects/rule';
+
+import { DETECTIONS_URL } from '../../urls/navigation';
+
+describe('Alert details with unmapped fields', () => {
+ before(() => {
+ cleanKibana();
+ esArchiverLoad('unmapped_fields');
+ loginAndWaitForPageWithoutDateRange(DETECTIONS_URL);
+ waitForAlertsPanelToBeLoaded();
+ waitForAlertsIndexToBeCreated();
+ createCustomRuleActivated(unmappedRule);
+ });
+ beforeEach(() => {
+ loginAndWaitForPageWithoutDateRange(DETECTIONS_URL);
+ waitForAlertsPanelToBeLoaded();
+ expandFirstAlert();
+ });
+ it('Displays the unmapped field on the JSON view', () => {
+ const expectedUnmappedField = { line: 2, text: ' "unmapped": "This is the unmapped field"' };
+
+ openJsonView();
+ scrollJsonViewToBottom();
+
+ cy.get(JSON_LINES).then((elements) => {
+ const length = elements.length;
+ cy.wrap(elements)
+ .eq(length - expectedUnmappedField.line)
+ .should('have.text', expectedUnmappedField.text);
+ });
+ });
+});
diff --git a/x-pack/plugins/security_solution/cypress/objects/rule.ts b/x-pack/plugins/security_solution/cypress/objects/rule.ts
index 957046cae003..12523e39cb59 100644
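Review bot: `expectedUnmappedField.line` is an offset counted back from the last rendered JSON line, but the name and the `.eq(length - expectedUnmappedField.line)` arithmetic read like a 1-based line number; renaming it `linesFromBottom` or adding `// offset from the last JSON line: "unmapped" renders just before the closing brace` would make the intent explicit. The value is only correct because the `unmapped_fields` archive has a single document whose `unmapped` key is serialized last, so a comment tying it to the fixture would help whoever edits that data next. The `beforeEach` hook also calls `expandFirstAlert()` straight after `waitForAlertsPanelToBeLoaded()`, which appears to assume the rule created in `before` has already produced an alert; if that helper does not itself wait for a non-empty table, an explicit wait there would turn a timing failure into a clearer one.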
--- a/x-pack/plugins/security_solution/cypress/objects/rule.ts
+++ b/x-pack/plugins/security_solution/cypress/objects/rule.ts
@@ -170,7 +170,25 @@ export const newRule: CustomRule = {
 severity: 'High',
 riskScore: '17',
 tags: ['test', 'newRule'],
- referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
+ referenceUrls: ['http://example.com/', 'https://example.com/'],
+ falsePositivesExamples: ['False1', 'False2'],
+ mitre: [mitre1, mitre2],
+ note: '# test markdown',
+ runsEvery,
+ lookBack,
+ timeline,
+ maxSignals: 100,
+};
+
+export const unmappedRule: CustomRule = {
+ customQuery: '*:*',
+ index: ['unmapped*'],
+ name: 'Rule with unmapped fields',
+ description: 'The new rule description.',
+ severity: 'High',
+ riskScore: '17',
+ tags: ['test', 'newRule'],
+ referenceUrls: ['http://example.com/', 'https://example.com/'],
 falsePositivesExamples: ['False1', 'False2'],
 mitre: [mitre1, mitre2],
 note: '# test markdown',
@@ -209,7 +227,7 @@ export const newOverrideRule: OverrideRule = {
 severity: 'High',
 riskScore: '17',
 tags: ['test', 'newRule'],
- referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
+ referenceUrls: ['http://example.com/', 'https://example.com/'],
 falsePositivesExamples: ['False1', 'False2'],
 mitre: [mitre1, mitre2],
 note: '# test markdown',
@@ -231,7 +249,7 @@ export const newThresholdRule: ThresholdRule = {
 severity: 'High',
 riskScore: '17',
 tags: ['test', 'newRule'],
- referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
+ referenceUrls: ['http://example.com/', 'https://example.com/'],
 falsePositivesExamples: ['False1', 'False2'],
 mitre: [mitre1, mitre2],
 note: '# test markdown',
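Review bot: `unmappedRule` repeats every visible field of `newRule` (severity, riskScore, tags, referenceUrls, falsePositivesExamples, mitre, note, and presumably the trailing runsEvery/lookBack/timeline/maxSignals outside the hunk) and differs only in `customQuery`, `index`, `name` and possibly `description`; the two will drift the next time a shared default changes. If the shared fields are meant to stay in sync, spreading the base fixture is shorter and self-documenting: `export const unmappedRule: CustomRule = { ...newRule, customQuery: '*:*', index: ['unmapped*'], name: 'Rule with unmapped fields', description: 'The new rule description.' };`. The `index` property is new on `CustomRule` and its declaration is not in this diff, so its optionality should be checked against how `createCustomRuleActivated` consumes it.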
@@ -267,7 +285,7 @@ export const eqlRule: CustomRule = {
 severity: 'High',
 riskScore: '17',
 tags: ['test', 'newRule'],
- referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
+ referenceUrls: ['http://example.com/', 'https://example.com/'],
 falsePositivesExamples: ['False1', 'False2'],
 mitre: [mitre1, mitre2],
 note: '# test markdown',
@@ -288,7 +306,7 @@ export const eqlSequenceRule: CustomRule = {
 severity: 'High',
 riskScore: '17',
 tags: ['test', 'newRule'],
- referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
+ referenceUrls: ['http://example.com/', 'https://example.com/'],
 falsePositivesExamples: ['False1', 'False2'],
 mitre: [mitre1, mitre2],
 note: '# test markdown',
@@ -305,7 +323,7 @@ export const newThreatIndicatorRule: ThreatIndicatorRule = {
 severity: 'Critical',
 riskScore: '20',
 tags: ['test', 'threat'],
- referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
+ referenceUrls: ['http://example.com/', 'https://example.com/'],
 falsePositivesExamples: ['False1', 'False2'],
 mitre: [mitre1, mitre2],
 note: '# test markdown',
diff --git a/x-pack/plugins/security_solution/cypress/tasks/alerts_details.ts b/x-pack/plugins/security_solution/cypress/tasks/alerts_details.ts
index 1582f35989e2..45dcc6ea5de5 100644
--- a/x-pack/plugins/security_solution/cypress/tasks/alerts_details.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/alerts_details.ts
@@ -14,4 +14,5 @@ export const openJsonView = () => {
 export const scrollJsonViewToBottom = () => {
 cy.get(JSON_CONTENT).click({ force: true });
 cy.get(JSON_CONTENT).type('{pagedown}{pagedown}{pagedown}');
+ cy.get(JSON_CONTENT).should('be.visible');
 };
diff --git a/x-pack/plugins/security_solution/cypress/tasks/api_calls/rules.ts b/x-pack/plugins/security_solution/cypress/tasks/api_calls/rules.ts
index 5a816a71744c..617a06cc8e79 100644
--- a/x-pack/plugins/security_solution/cypress/tasks/api_calls/rules.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/api_calls/rules.ts
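Review bot: The added `cy.get(JSON_CONTENT).should('be.visible')` in `scrollJsonViewToBottom` asserts a property the preceding `.type()` already needed to succeed, so it does not verify that the three `{pagedown}` keystrokes reached the end of the document; callers that then index from the end of `JSON_LINES` will see a scroll shortfall reported as a text mismatch rather than a scroll failure. If the line is meant as a settle point after the synthetic scroll, say so: `// give the view a tick to settle after the synthetic scroll before callers read its lines`; if it is meant to confirm the scroll landed, asserting on the last rendered line being visible is the stronger check. The hunk header's `openJsonView` starts outside the hunk; `scrollJsonViewToBottom` is shown in full.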
@@ -85,7 +85,7 @@ export const createCustomRuleActivated = (
 severity: rule.severity.toLocaleLowerCase(),
 type: 'query',
 from: 'now-17520h',
- index: ['auditbeat-*'],
+ index: rule.index,
 query: rule.customQuery,
 language: 'kuery',
 enabled: true,
diff --git a/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/data.json b/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/data.json
new file mode 100644
index 000000000000..b1e5d16e44b4
--- /dev/null
+++ b/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/data.json
@@ -0,0 +1,14 @@
+{
+ "type": "doc",
+ "value": {
+ "id": "_eZE7mwBOpWiDweStB_c",
+ "index": "unmapped-7.12.0-2021.03.10-000001",
+ "source": {
+ "@timestamp":"2021-02-22T21:00:49.337Z",
+ "mydestination":{
+ "ip": ["127.0.0.1", "127.0.0.2"]
+ },
+ "unmapped": "This is the unmapped field"
+ }
+ }
+}
diff --git a/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/mappings.json b/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/mappings.json
new file mode 100644
index 000000000000..7ae04b1949cc
--- /dev/null
+++ b/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/mappings.json
@@ -0,0 +1,24 @@
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ },
+ "index": "unmapped-7.12.0-2021.03.10-000001",
+ "mappings": {
+ "dynamic": false,
+ "properties":{
+ "@timestamp":{
+ "type":"date"
+ },
+ "mydestination":{
+ "properties":{
+ "ip":{
+ "index": "false",
+ "type":"ip"
+ }
+ }
+ }
+ }
+ }
+ }
+}
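Review bot: `index: rule.index` removes the fixed `['auditbeat-*']` default, but the `CustomRule` declaration is not in this diff and the other fixtures in objects/rule.ts (`newOverrideRule`, `newThresholdRule`, `eqlRule`, `eqlSequenceRule`, `newThreatIndicatorRule`) show no `index` in their visible hunks; if the property is optional, any caller passing such a rule now serializes `index: undefined`, which `JSON.stringify` drops, and the created rule silently targets whatever the API defaults to or is rejected. Either make `index` required on `CustomRule` and set it on every fixture, or keep the previous behaviour for fixtures that omit it: `index: rule.index ?? ['auditbeat-*'],`. `createCustomRuleActivated`'s body begins before and ends after this hunk.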