diff --git a/x-pack/plugins/osquery/public/live_queries/form/index.tsx b/x-pack/plugins/osquery/public/live_queries/form/index.tsx
index 2449195300910..7868c1bb3a471 100644
--- a/x-pack/plugins/osquery/public/live_queries/form/index.tsx
+++ b/x-pack/plugins/osquery/public/live_queries/form/index.tsx
@@ -8,10 +8,14 @@
 import { EuiButton, EuiButtonEmpty, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 import type { ECSMapping } from '@kbn/osquery-io-ts-types';
-import React, { useCallback, useEffect, useMemo, useState } from 'react';
+import React, { useCallback, useContext, useEffect, useMemo, useState } from 'react';
 import { useForm as useHookForm, FormProvider } from 'react-hook-form';
 import { isEmpty, find, pickBy } from 'lodash';
+import {
+ containsDynamicQuery,
+ replaceParamsQuery,
+} from '../../../common/utils/replace_params_query';
 import { PLUGIN_NAME as OSQUERY_PLUGIN_NAME } from '../../../common';
 import { QueryPackSelectable } from './query_pack_selectable';
 import type { SavedQuerySOFormData } from '../../saved_queries/form/use_saved_query_form';
@@ -26,6 +30,7 @@ import { LiveQueryQueryField } from './live_query_query_field';
 import { AgentsTableField } from './agents_table_field';
 import { savedQueryDataSerializer } from '../../saved_queries/form/use_saved_query_form';
 import { PackFieldWrapper } from '../../shared_components/osquery_response_action_type/pack_field_wrapper';
+import { AlertAttachmentContext } from '../../common/contexts';
 export interface LiveQueryFormFields {
 alertIds?: string[];
@@ -66,6 +71,8 @@ const LiveQueryFormComponent: React.FC = ({
 enabled = true,
 hideAgentsField = false,
 }) => {
+ const alertAttachmentContext = useContext(AlertAttachmentContext);
+
 const { application, appName } = useKibana().services;
 const permissions = application.capabilities.osquery;
 const canRunPacks = useMemo(
@@ -138,11 +145,17 @@ const LiveQueryFormComponent: React.FC = ({
 const onSubmit = useCallback(
 async (values: LiveQueryFormFields) => {
+ // Temporary, frontend solution for params substitution. To be removed once alert_ids refactored in create_live_query_route
+ const query =
+ values.query && containsDynamicQuery(values.query) && alertAttachmentContext
+ ? replaceParamsQuery(values.query, alertAttachmentContext).result
+ : values.query;
+
 const serializedData = pickBy(
 {
 agentSelection: values.agentSelection,
 saved_query_id: values.savedQueryId,
- query: values.query,
+ query,
 alert_ids: values.alertIds,
 pack_id: values?.packId?.length ? values?.packId[0] : undefined,
 ecs_mapping: values.ecs_mapping,
@@ -152,7 +165,7 @@ const LiveQueryFormComponent: React.FC = ({
 await mutateAsync(serializedData);
 },
- [mutateAsync]
+ [alertAttachmentContext, mutateAsync]
 );
 const serializedData: SavedQuerySOFormData = useMemo(
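Review bot: The values that `replaceParamsQuery(values.query, alertAttachmentContext).result` splices into the query text come from alert fields, and nothing in this hunk shows them being quoted or escaped before the string is submitted as the live query. The helper lives in `common/utils/replace_params_query`, outside this diff, so its escaping cannot be confirmed here; if it substitutes raw values, an alert field containing a quote or SQL syntax would change the statement the agents run. I would state the requirement beside the existing comment, e.g. `// Alert field values are interpolated into the osquery SQL here; replaceParamsQuery must escape them because alert documents carry endpoint-reported data.` Only `.result` is read, so a placeholder with no matching alert field presumably reaches the agent unresolved, which is worth a test. The `onSubmit` callback opened in this hunk continues into the next one, and the tail of the `pickBy` call is not visible.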