diff --git a/salt/logstash/files/dynamic/0006_input_beats.conf b/salt/logstash/files/dynamic/0006_input_beats.conf
new file mode 100644
index 000000000..00ba64578
--- /dev/null
+++ b/salt/logstash/files/dynamic/0006_input_beats.conf
@@ -0,0 +1,14 @@
+# Author: Justin Henderson
+# SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
+# Email: justin@hasecuritysolutions.com
+# Last Update: 12/11/2017
+
+input {
+  beats {
+    port => "5044"
+    ssl => true
+    ssl_certificate => "/some/locations"
+    ssl_key => "/some/location"
+    tags => [ "beat" ]
+  }
+}
\ No newline at end of file