Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager

Re: LEMs Snort


Just in case anyone else is running LEM via HyperV and is looking to do the same thing.

 

Straight from the horse's mouth:

Snort included on LEM is capable of sniffing the entire network as long as you're forwarding all the network's traffic to an anonymous (no IP) promiscuous mode NIC in the LEM. This would basically require mirroring or spanning the traffic from a core switch/router that all traffic flows through, down a dedicated port on that switch/router to the physical host that LEM is running on.

 

Having said that, I'm afraid that Hyper-V 2008 does not support this type of setup. Its virtual switches require that the traffic have a specific destination relevant to the VMs.

