I need to deploy Palo alto Add-On but must ensure it doesnt connect using plain text credentials. Looking at the Add-On settings, there is no option to use SSL for API calls
The Palo Alto Networks add-on was built using Splunk's Add-on builder and leverages Splunk's credentials encryption method from the settings page.
so when contacting Palo FW for logs how do they authenticate using plain text password or encrypted credentials
I may need a little more context. Firewall logs are generally forwarded to the Splunk instance. Splunk shouldn't need to authenticate with a Firewall to get logs.