diff --git a/x-pack/plugins/osquery/cypress/e2e/all/alerts.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/alerts.cy.ts index 38751115823f8..3c52f70b6d491 100644 --- a/x-pack/plugins/osquery/cypress/e2e/all/alerts.cy.ts +++ b/x-pack/plugins/osquery/cypress/e2e/all/alerts.cy.ts @@ -31,6 +31,7 @@ describe('Alert Event Details', () => { before(() => { runKbnArchiverScript(ArchiverMethod.LOAD, 'pack'); + runKbnArchiverScript(ArchiverMethod.LOAD, 'example_pack'); runKbnArchiverScript(ArchiverMethod.LOAD, 'rule'); }); beforeEach(() => { @@ -39,6 +40,7 @@ describe('Alert Event Details', () => { after(() => { runKbnArchiverScript(ArchiverMethod.UNLOAD, 'pack'); + runKbnArchiverScript(ArchiverMethod.UNLOAD, 'example_pack'); runKbnArchiverScript(ArchiverMethod.UNLOAD, 'rule'); }); 
@@ -144,19 +146,54 @@ describe('Alert Event Details', () => { cy.contains('Log message optimized for viewing in a log viewer'); cy.contains('Days of uptime'); }); + cy.intercept('PUT', '/api/detection_engine/rules').as('saveRule'); cy.contains('Save changes').click(); + cy.wait('@saveRule').should(({ request }) => { + const oneQuery = [ + { + interval: 10, + query: 'select * from uptime;', + id: 'fds', + }, + ]; + expect(request.body.response_actions[0].params.queries).to.deep.equal(oneQuery); + }); + cy.contains(`${RULE_NAME} was saved`).should('exist'); cy.getBySel('toastCloseButton').click(); cy.contains('Edit rule settings').click(); cy.getBySel('edit-rule-actions-tab').wait(500).click(); cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => { cy.contains('testpack'); + cy.getBySel('comboBoxInput').type('Example{downArrow}{enter}'); }); cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => { cy.contains('select * from uptime'); cy.contains('Log message optimized for viewing in a log viewer'); cy.contains('Days of uptime'); }); + cy.contains('Save changes').click(); + cy.wait('@saveRule').should(({ request }) => { + const threeQueries = [ + { + interval: 3600, + query: 'SELECT * FROM memory_info;', + platform: 'linux', + id: 'system_memory_linux_elastic', + }, + { + interval: 3600, + query: 'SELECT * FROM system_info;', + id: 'system_info_elastic', + }, + { + interval: 10, + query: 'select opera_extensions.* from users join opera_extensions using (uid);', + id: 'failingQuery', + }, + ]; + expect(request.body.response_actions[0].params.queries).to.deep.equal(threeQueries); + }); }); it('should be able to run live query and add to timeline (-depending on the previous test)', () => { diff --git a/x-pack/plugins/osquery/public/shared_components/osquery_response_action_type/index.tsx b/x-pack/plugins/osquery/public/shared_components/osquery_response_action_type/index.tsx index 68cafcb8434f0..1d2f79f273c58 100644 
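Review bot: Nothing in the added steps waits for the newly selected pack to load between `cy.getBySel('comboBoxInput').type('Example{downArrow}{enter}')` and the second `cy.contains('Save changes').click()`. The `threeQueries` assertion therefore relies on the pack fetch completing while the `RESPONSE_ACTIONS_ITEM_1` checks run, which may make the test timing-dependent. Register an intercept for the pack request before typing into the combo box and `cy.wait` on its alias before saving. Both assertions check only `params.queries`; also asserting the pack identifier in the same `params` object would pin that the stored queries and the stored pack agree. The `it` block starts outside the hunk.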
--- a/x-pack/plugins/osquery/public/shared_components/osquery_response_action_type/index.tsx +++ b/x-pack/plugins/osquery/public/shared_components/osquery_response_action_type/index.tsx @@ -9,15 +9,16 @@ import React, { useEffect, useMemo } from 'react'; import { EuiSpacer } from '@elastic/eui'; import uuid from 'uuid'; import type { FieldErrors } from 'react-hook-form'; +import { useFieldArray } from 'react-hook-form'; import { useForm as useHookForm, FormProvider } from 'react-hook-form'; import { map, omit } from 'lodash'; import type { ECSMapping } from '@kbn/osquery-io-ts-types'; +import { usePack } from '../../packs/use_pack'; import { QueryPackSelectable } from '../../live_queries/form/query_pack_selectable'; import { useKibana } from '../../common/lib/kibana'; import { LiveQueryQueryField } from '../../live_queries/form/live_query_query_field'; import { PackFieldWrapper } from './pack_field_wrapper'; -import { usePack } from '../../packs/use_pack'; interface OsqueryResponseActionsValues { savedQueryId?: string | null; @@ -74,7 +75,7 @@ const OsqueryResponseActionParamsFormComponent = ({ }, }); - const { watch, register, formState } = hooksForm; + const { watch, register, formState, control } = hooksForm; const [packId, queryType, queries, id] = watch(['packId', 'queryType', 'queries', 'id']); const { data: packData } = usePack({ @@ -82,6 +83,22 @@ const OsqueryResponseActionParamsFormComponent = ({ skip: !packId?.[0], }); + const { replace } = useFieldArray({ + name: 'queries', + control, + }); + + useEffect(() => { + if (packData?.queries) { + const queriesArray = map(packData?.queries, (query, queryId: string) => ({ + ...query, + id: queryId, + })); + + replace(queriesArray); + } + }, [packData, replace]); + useEffect(() => { onError(formState.errors); }, [onError, formState]); 
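Review bot: `useFieldArray` is added as a third separate import from 'react-hook-form', directly above the existing value import of `useForm` and `FormProvider`. Folding it into that line, `import { useForm as useHookForm, FormProvider, useFieldArray } from 'react-hook-form';`, keeps one value import per module and avoids a duplicate-import lint finding if the project enables that rule.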
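Review bot: The new effect writes to `queries` only when `packData?.queries` is truthy, so the array is never reset when the pack selection is cleared or while a newly chosen pack is still loading. Because the later hunk (`@@ -99,12 +116,7`) now submits `queries: formData.queries` instead of mapping `packData` at submit time, a save in that window would presumably store the previous pack's queries next to the new `packId`, and those stored queries are what the response action runs on hosts. Consider resetting on selection change, e.g. `if (!packId?.[0]) { replace([]); return; }` with `packId` in the dependency list, and keeping the form invalid until the selected pack has loaded; whether clearing is safe for the non-pack query type is not visible here. A short comment above the effect saying that `queries` is a form-side snapshot of the selected pack would also help the next reader. The component body starts and ends outside the hunk.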
@@ -99,12 +116,7 @@ const OsqueryResponseActionParamsFormComponent = ({ ? { id: formData.id, packId: formData?.packId?.length ? formData?.packId[0] : undefined, - queries: packData - ? map(packData.queries, (query, queryId: string) => ({ - ...query, - id: queryId, - })) - : formData.queries, + queries: formData.queries, } : { id: formData.id,