Hi Pedro,
unfortunately what you are looking for is not achievable with Kibana at the moment.
Also, that time dimension makes it really hard to even do this directly against Elasticsearch.
You would need to have a field that contains both source and destination IP concatenated (which shouldn't be a problem to create). If you now do a terms aggregation over that field, you would get all entries that share the same dst and src IP. To check whether they are really from two different entities, you could nest a metrics "Unique count" aggregation on the field containing "Bro" and "Suricata". If you filtered beforehand on "Bro" and "Suricata", you now know that the source-dest-IP buckets that have a unique count of 2 have documents with both values, meaning those are the intersection you are looking for.
Unfortunately, adding this time constraint makes it very hard. You could e.g. create an additional time bucket aggregation with intervals of 2 minutes, but that does not work exactly like you wish, I assume, because this would now group together everything from minute 0 to minute 2, from 2 to 4, etc. Documents from minute 1 and 3 - which would still be within a 2-minute interval - wouldn't be in the same bucket anymore, meaning you don't have a "floating" 2-minute interval, but a fixed interval rounded to 2 minutes...
So I am not aware of a way that you can achieve that exact behavior, and unfortunately you cannot do this in Kibana at the moment.
Cheers,
Tim
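
The difference between the fixed 2-minute buckets and the "floating" 2-minute interval described in the reply above, as an added example that is not part of the original post: a client-side Python correlation over constructed events. The field names (`ts`, `src`, `dst`, `sensor`), the function names and all sample values are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=2)

# Constructed sample events; field names and values are assumptions.
EVENTS = [
    {"ts": "2024-01-01T10:01:00", "src": "10.0.0.5", "dst": "192.0.2.10", "sensor": "Bro"},
    {"ts": "2024-01-01T10:03:00", "src": "10.0.0.5", "dst": "192.0.2.10", "sensor": "Suricata"},
    {"ts": "2024-01-01T10:04:10", "src": "10.0.0.7", "dst": "192.0.2.20", "sensor": "Bro"},
    {"ts": "2024-01-01T10:05:30", "src": "10.0.0.7", "dst": "192.0.2.20", "sensor": "Suricata"},
    {"ts": "2024-01-01T10:00:00", "src": "10.0.0.9", "dst": "192.0.2.30", "sensor": "Bro"},
    {"ts": "2024-01-01T10:09:00", "src": "10.0.0.9", "dst": "192.0.2.30", "sensor": "Suricata"},
]

def by_pair(events):
    """Filter on the two sensors, then group on the concatenated src-dst key."""
    pairs = defaultdict(list)
    for e in events:
        if e["sensor"] in ("Bro", "Suricata"):
            ts = datetime.fromisoformat(e["ts"]).replace(tzinfo=timezone.utc)
            pairs[f'{e["src"]}-{e["dst"]}'].append((ts, e["sensor"]))
    return pairs

def fixed_bucket_matches(events, window=WINDOW):
    """Pairs seen by both sensors inside one fixed, epoch-aligned bucket."""
    step = window.total_seconds()
    buckets = defaultdict(set)
    for pair, hits in by_pair(events).items():
        for ts, sensor in hits:
            buckets[(pair, int(ts.timestamp() // step))].add(sensor)
    # "unique count == 2" means both sensors reported in that bucket
    return {pair for (pair, _), sensors in buckets.items() if len(sensors) == 2}

def floating_window_matches(events, window=WINDOW):
    """Pairs seen by both sensors within `window` of each other, anywhere."""
    matched = set()
    for pair, hits in by_pair(events).items():
        hits.sort()
        # In time order, the closest Bro/Suricata pair is always adjacent.
        for (t1, s1), (t2, s2) in zip(hits, hits[1:]):
            if s1 != s2 and t2 - t1 <= window:
                matched.add(pair)
    return matched

if __name__ == "__main__":
    print("fixed buckets  :", sorted(fixed_bucket_matches(EVENTS)))
    print("floating window:", sorted(floating_window_matches(EVENTS)))
```

The first constructed pair (10:01 and 10:03) is the minute-1-and-3 case from the reply: it falls into two different fixed buckets and is only found by the floating-window pass.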