Stealthwatch and CTA integration can detect encrypted communication between a malware-infected host and C&C or other hosts. So in your case, there are several possibilities:
1. Stealthwatch captures the malware traffic and sends it to CTA, however CTA can’t detect that traffic telemetry data. In this case, please contact the support team with the malware sample information and telemetry data prepared.
2. The infected host never communicates with the C&C or other server using TLS-encrypted communication. In this case, Stealthwatch and CTA can’t detect it because there is no TLS telemetry in the flow data.