diff --git a/docs/detections/alerts-run-osquery.asciidoc b/docs/detections/alerts-run-osquery.asciidoc index b658565e4e..bf9542410f 100644 --- a/docs/detections/alerts-run-osquery.asciidoc +++ b/docs/detections/alerts-run-osquery.asciidoc @@ -13,8 +13,9 @@ You must complete the following to access Osquery and run searches against your ============ -. Click the *View details* button from the Alerts table to open the Alert details flyout. -. Click *Take action*, then select *Run Osquery*. +. Do one of the following from the Alerts table: +** Click the *View details* button to open the Alert details flyout, then click *Take action -> Run Osquery*. +** Select the *More actions* menu (*...*), then select *Run Osquery*. . Select one or more {agent}s or groups to query. Start typing in the search field to get suggestions for {agent}s by name, ID, platform, and policy. + 
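Review bot: The two new `**` sub-bullets describe the same action in two different styles ("Click the *View details* button ... then click *Take action -> Run Osquery*" versus "Select the *More actions* menu (*...*), then select *Run Osquery*"). Suggest keeping the wording the removed line used, "Click *Take action*, then select *Run Osquery*", in the first bullet so both paths read the same, and note that `->` inside the bold span is rendered as an arrow glyph by AsciiDoc's text replacements, which differs from the "then select" form used everywhere else in this procedure.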
@@ -35,8 +36,15 @@ image::images/setup-query.png[width=80%][height=80%][Shows how to set up the que TIP: To save the query for future use, click *Save for later* and define the ID, description, and other {kibana-ref}/osquery.html#osquery-manage-query[details]. -. Review the results in the table. You can also navigate to *Discover* to dive deeper into the response, -or use the drag-and-drop *Lens* editor to create visualizations. +. Review the results in the table. You can also: +** Navigate to *Discover* to dive deeper into the response. +** Use the drag-and-drop *Lens* editor to create visualizations. +** Click the *Timeline* button (image:images/timeline-button-osquery.png[Click markdown icon,20,20]) to investigate a single query result in Timeline or *Add to timeline investigation* to investigate all results. + ++ +TIP: An `action_ID` is generated when you run an Osquery query. The `action_ID` field and value pair is passed to the Timeline's KQL filter when you select the option to open all results in Timeline. ++ + . To view more information about the request, such as failures, open the *Status* tab in the results table. + [role="screenshot"] diff --git a/docs/detections/images/query-results.png b/docs/detections/images/query-results.png index 1352476605..d8db7723f7 100644 Binary files a/docs/detections/images/query-results.png and b/docs/detections/images/query-results.png differ diff --git a/docs/detections/images/setup-query.png b/docs/detections/images/setup-query.png index d2d33e7065..19d34f63e9 100644 Binary files a/docs/detections/images/setup-query.png and b/docs/detections/images/setup-query.png differ diff --git a/docs/detections/images/timeline-button-osquery.png b/docs/detections/images/timeline-button-osquery.png new file mode 100644 index 0000000000..280d98dc6f Binary files /dev/null and b/docs/detections/images/timeline-button-osquery.png differ
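Review bot: The alt text on the new inline image, `image:images/timeline-button-osquery.png[Click markdown icon,20,20]`, describes a different icon than the file it references; suggest `[Timeline icon,20,20]` so screen readers and text-only renderings match the *Timeline* button the sentence is about. Two smaller points in the same hunk: the added `TIP` is attached with a list continuation `+` that follows a blank line and is closed by a second dangling `+` before `. To view more information`, so please confirm in the rendered output that the tip stays inside the "Review the results" step and that the list does not restart numbering at the next item; and since KQL field names are case-sensitive, verify that `action_ID` is the exact field name the Timeline filter shows when results are opened, or the tip will send readers looking for a field that does not match.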