Today's logstash conf file is for Cognitive threat analytics. You will need an api created inside of CTA cloud dashboard. You will also need taxii log adapter setup. If you need help here is the wiki taxii log adapter wiki 

If you really get stuck feel free to send me a message. In the upcoming days I will be posting conf files for FirePower snort, Security Intelligence alerts, Threat intelligence director via Firepower manager API, Cisco AMP for endpoints, and Meraki Security Alerts (AMP and SNORT). 

In order to use the attached conf file please remove the .txt from the filename.