UPDATED May 26 2020
The schema for Live Discover will vary by operating systems.
See the online osquery schema https://osquery.io/schema/4.2.0 for more information on the default schema.
On Windows and Windows Server Sophos has extended the base OSQuery schema to provide access to the 90 days of information in the Sophos Data Recorder. This document covers the detailed Sophos Extension schema.