diff --git a/docs/osquery/alerts-run-osquery.asciidoc b/docs/osquery/alerts-run-osquery.asciidoc index 0eed7c7b1d..e9179c8bba 100644 --- a/docs/osquery/alerts-run-osquery.asciidoc +++ b/docs/osquery/alerts-run-osquery.asciidoc @@ -22,7 +22,9 @@ To run Osquery from an alert: NOTE: The host associated with the alert is automatically selected. You can specify additional hosts to query. . Specify the query or pack to run: -** *Query*: Select a saved query or enter a new one in the text box. After you enter the query, you can expand the **Advanced** section to view or set {kibana-ref}/osquery.html#osquery-map-fields[mapped ECS fields] included in the results from the live query. Mapping ECS fields is optional. +** *Query*: Select a saved query or enter a new one in the text box. After you enter the query, you can expand the **Advanced** section to set a timeout period for the query, and view or set {kibana-ref}/osquery.html#osquery-map-fields[mapped ECS fields] included in the results from the live query (optional). ++ +NOTE: The default and minimum value for the **Timeout** field is 60 seconds (s). The maximum value is 9000 seconds. + TIP: Use <> to dynamically add existing alert data to your query. diff --git a/docs/osquery/images/setup-single-query.png b/docs/osquery/images/setup-single-query.png index 427496803a..c8e2badcbe 100644 Binary files a/docs/osquery/images/setup-single-query.png and b/docs/osquery/images/setup-single-query.png differ diff --git a/docs/osquery/invest-guide-run-osquery.asciidoc b/docs/osquery/invest-guide-run-osquery.asciidoc index 6ca6655c06..c20a2a3c7b 100644 --- a/docs/osquery/invest-guide-run-osquery.asciidoc +++ b/docs/osquery/invest-guide-run-osquery.asciidoc 
@@ -27,7 +27,9 @@ NOTE: You can only add Osquery to investigation guides for custom rules because + TIP: Use <> to dynamically add existing alert data to your query. -.. Expand the **Advanced** section to view or set {kibana-ref}/osquery.html#osquery-map-fields[mapped ECS fields] included in the results from the live query (optional). +.. Expand the **Advanced** section to set a timeout period for the query, and view or set {kibana-ref}/osquery.html#osquery-map-fields[mapped ECS fields] included in the results from the live query (optional). ++ +NOTE: The default and minimum value for the **Timeout** field is 60 seconds (s). The maximum value is 9000 seconds. + [role="screenshot"] image::images/setup-osquery-investigation-guide.png[width=70%][height=70%][Shows results from running a query from an investigation guide] @@ -41,7 +43,10 @@ image::images/setup-osquery-investigation-guide.png[width=70%][height=70%][Shows . Go to the About section of the rule details page and click *Investigation guide*. . Click the query. The Run Osquery pane displays with the *Query* field autofilled. Do the following: .. Select one or more {agent}s or groups to query. Start typing in the search field to get suggestions for {agent}s by name, ID, platform, and policy. -.. Expand the **Advanced** section to view or set the {kibana-ref}/osquery.html#osquery-map-fields[mapped ECS fields] which are included in the live query's results (optional). +.. Expand the **Advanced** section to set a timeout period for the query, and view or set {kibana-ref}/osquery.html#osquery-map-fields[mapped ECS fields] included in the results from the live query (optional). ++ +NOTE: The default and minimum value for the **Timeout** field is 60 seconds (s). The maximum value is 9000 seconds. + . Click *Submit* to run the query. Query results display in the flyout. + NOTE: Refer to <> for more information about query results. 
diff --git a/docs/osquery/osquery-response-action.asciidoc b/docs/osquery/osquery-response-action.asciidoc index 4a138c2a75..55478077c1 100644 --- a/docs/osquery/osquery-response-action.asciidoc +++ b/docs/osquery/osquery-response-action.asciidoc @@ -33,7 +33,9 @@ You can add Osquery Response Actions to new or existing custom query rules. Quer + NOTE: If the rule's investigation guide is using an Osquery query, you'll be asked if you want to add the query as an Osquery Response Action. Click *Add* to add the investigation guide's query to the rule's Osquery Response Action. . Specify whether you want to set up a single live query or a pack: -** *Query*: Select a saved query or enter a new one. After you enter the query, you can expand the **Advanced** section to view or set {kibana-ref}/osquery.html#osquery-map-fields[mapped ECS fields] included in the results from the live query. Mapping ECS fields is optional. +** *Query*: Select a saved query or enter a new one. After you enter the query, you can expand the **Advanced** section to set a timeout period for the query, and view or set {kibana-ref}/osquery.html#osquery-map-fields[mapped ECS fields] included in the results from the live query (optional). ++ +NOTE: The default and minimum value for the **Timeout** field is 60 seconds (s). The maximum value is 9000 seconds. + TIP: You can use <> to dynamically add alert data to your query.
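Review bot: in the alerts-run-osquery hunk (`@@ -22,7 +22,9 @@`), the rewritten *Query* bullet moves "(optional)" to the end of the sentence, where it now reads as qualifying only the mapped ECS fields, so a reader cannot tell whether the new timeout must be set; since the NOTE below gives a default of 60 seconds, say plainly that both settings are optional, for example "...expand the **Advanced** section to set a timeout period for the query and to view or set ... mapped ECS fields ... Both settings are optional." The same sentence is reused in the invest-guide and osquery-response-action hunks, so the fix applies there too.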
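Review bot: in the first invest-guide hunk (`@@ -27,7 +27,9 @@`), the added NOTE ("The default and minimum value for the **Timeout** field is 60 seconds (s). The maximum value is 9000 seconds.") is pasted verbatim four times across three files, which will drift the next time the limits change; consider a shared include or AsciiDoc attributes for the default, minimum and maximum. While doing that, make the unit style consistent: "60 seconds (s)" carries a redundant abbreviation that "9000 seconds" does not, so either drop "(s)" or use "60 s" and "9000 s" in both places.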
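Review bot: in the second invest-guide hunk (`@@ -41,7 +43,10 @@`), the NOTE states the bounds of the **Timeout** field but not what the timeout does once it elapses (whether the live query is stopped on the agent and whether any partial results are shown in the flyout), which is the thing a user reading "Query results display in the flyout" will want to know; add one sentence describing the outcome, or a cross-reference to wherever live-query timeouts are explained.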
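Review bot: in the osquery-response-action hunk (`@@ -33,7 +33,9 @@`), the NOTE gives the same 60 to 9000 second range as the interactive flyouts, but a response action is attached to a rule rather than run by hand, so the upper bound here means a query attached to a rule may run for up to 9000 seconds (2.5 hours) on each affected host per alert; a short sentence recommending a conservative timeout for response actions, or at least noting that the default applies when the field is left empty, would help readers size this setting.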