I want to use Time Machine in Bro.
I run Bro live, then suspicious IPs are generated. Then I want to retrieve
the payloads of those IPs' packets (based on IP address and maybe
timestamp) for further analysis to make sure whether they are really
intrusions or false positives.
I have no idea about using Time Machine; is there any guide for this, step
by step, to use and configure TM?
Is TM stable now so that I can rely on it in current PhD research?
My Bro version: 2.3, running on Ubuntu 14.04
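As an added example (not part of the original post, and not code from the Bro or Time Machine projects), the following Python script shows the bookkeeping that sits between the two steps described above: it reads the Bro 2.x ASCII `conn.log` format, derives a per-IP time window from the flows each suspicious IP took part in, and turns that window into a Time Machine query string. The `conn.log` excerpt is constructed sample data, the suspicious IP set is constructed, and the `query to_file ... index ip "..." start ... end ...` form of the TM command line is an assumption about TM's query syntax that should be checked against the TM version actually installed.

```python
import io

# Constructed sample conn.log excerpt in Bro 2.x ASCII format (tab separated,
# '#fields' header names the columns). Not taken from any real capture.
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tduration
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tinterval
1400000000.100000\tCabc1\t10.0.0.5\t51234\t192.0.2.10\t80\ttcp\t1.5
1400000010.000000\tCabc2\t10.0.0.7\t51235\t198.51.100.3\t443\ttcp\t-
1400000020.250000\tCabc3\t192.0.2.10\t40000\t10.0.0.9\t22\ttcp\t30.0
"""

# Constructed list of IPs that a detection script flagged (assumption for the example).
SUSPICIOUS_IPS = {"192.0.2.10", "10.0.0.7"}


def parse_conn_log(text):
    """Yield one dict per data row of a Bro ASCII log, keyed by the '#fields' header."""
    fields = None
    for line in io.StringIO(text):
        line = line.rstrip("\n")
        if not line:
            continue
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue  # other directives: #separator, #types, #close, ...
        if fields is None:
            raise ValueError("data row seen before the #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("column count mismatch in row: %r" % line)
        yield dict(zip(fields, values))


def payload_windows(conn_log_text, suspicious_ips, slack=0.0):
    """Return {ip: (start_ts, end_ts)} covering every flow the IP took part in.

    A flow spans [ts, ts + duration]; an unset duration ('-') is treated as an
    instantaneous flow. 'slack' seconds are added on both sides of the window
    so packets just outside the logged flow boundaries are still retrieved.
    """
    windows = {}
    for row in parse_conn_log(conn_log_text):
        ts = float(row["ts"])
        duration = row["duration"]
        end = ts + float(duration) if duration != "-" else ts
        for ip in (row["id.orig_h"], row["id.resp_h"]):
            if ip not in suspicious_ips:
                continue
            lo, hi = windows.get(ip, (ts, end))
            windows[ip] = (min(lo, ts), max(hi, end))
    return {ip: (lo - slack, hi + slack) for ip, (lo, hi) in windows.items()}


def tm_query(ip, start, end, out_pcap):
    """Build a Time Machine query that writes the IP's packets in [start, end] to a pcap.

    The command form is assumed from TM's query syntax ('query to_file ... index ip ...
    start ... end ...'); verify it against the TM release in use.
    """
    return 'query to_file "%s" index ip "%s" start %.6f end %.6f' % (out_pcap, ip, start, end)


if __name__ == "__main__":
    for ip, (start, end) in sorted(payload_windows(SAMPLE_CONN_LOG, SUSPICIOUS_IPS, slack=5.0).items()):
        print(tm_query(ip, start, end, "/tmp/%s.pcap" % ip.replace(".", "_")))
```

Run it with no arguments to see one query line per flagged IP; feeding a real `conn.log` through `payload_windows` only requires reading the file into the first argument. Keeping the time window tied to the logged flows (plus a small slack) keeps the amount of payload pulled out of TM proportional to what the alert actually covers.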