Potential `api.monitor.azure.com` False Positive

[Microsoft Sentinel](https://azure.microsoft.com/en-us/products/microsoft-sentinel/) relies on `api.loganalytics.io`, which is the [documented API endpoint](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/access-api) for Azure's Log Analytics. An example of issued request is the following one:
```
POST https://api.loganalytics.io/v1/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.OperationalInsights/workspaces/REDACTED/metadata?select=categories,solutions,tables,workspaces
```

The `api.loganalytics.io` domain is however indirectly blocked as it is a CNAME for `api.monitor.azure.com` which is on the block-list.
```
> api.loganalytics.io
Server:  REDACTED
Address:  REDACTED

Name:    api.loganalytics.io
Addresses:  ::
          0.0.0.0

> set type=CNAME
> api.loganalytics.io
Server:  REDACTED
Address:  REDACTED

api.loganalytics.io     canonical name = api.monitor.azure.com
```

This causes Azure to break.
![image](https://github.com/lightswitch05/hosts/assets/46688461/db83f8c8-d9bc-4298-99f0-e3f9c6464a0b)


While I have added an exception for it, it might be worth considering whether the `api.monitor.azure.com` block is intentional.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Potential `api.monitor.azure.com` False Positive #427

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Potential api.monitor.azure.com False Positive #427

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

Potential `api.monitor.azure.com` False Positive #427