I'm deploying Alienvault USM in VBox. Everything has worked fine until the network monitoring part, where I should monitor SPAN port traffic.
From my host PC, I can see the traffic coming in well on that specific port (eno4). I have bridged the same port on my virtual machine to eth1 and allowed promiscuous mode to ALL.
However, from my virtual machine, when I do tcpdump on eth1, which is the interface I have bridged to eno4 (the host interface containing my SPAN port cable), I see very little traffic compared to when I do the same on my host.
What could be the reasons for that?
Background
I just solved this. Usually, when running Alienvault OSSIM, which comes as an .ISO file, one can install on a hardware component. This is not the same case with USM, which comes as an .OVA.
In the scenario when Alienvault is running on hardware, I don't really need to make sure that my Ethernet connection settings are set, because I'm basically listening.
Solving
In this case, I made sure that my network connection was connected in my CentOS, then left VirtualBox the way I had set it initially (bridged and in promiscuous mode on my eno4 interface).
It worked flawlessly.
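
One way to check the two things this thread turns on, whether the capture interface is actually up and how many packets it receives, as an added example that is not part of the original post. It reads the standard Linux sysfs counters; the function names and the `SYSFS_NET` override are assumptions of this example. Run it on the host against eno4 and in the VM against eth1, then compare the counts.

```shell
#!/bin/sh
# Added example: link state, promiscuous flag and received-packet count
# for a capture interface, read from Linux sysfs.
# SYSFS_NET is a hypothetical override so the functions can be pointed
# at a constructed directory tree instead of the live system.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print "state=<operstate> promisc=<on|off>" for interface $1.
iface_status() {
    dir="$SYSFS_NET/$1"
    [ -d "$dir" ] || return 1
    state=$(cat "$dir/operstate" 2>/dev/null || echo unknown)
    flags=$(cat "$dir/flags" 2>/dev/null || echo 0x0)
    # IFF_PROMISC is bit 0x100 of the interface flags
    if [ $(( $flags & 0x100 )) -ne 0 ]; then promisc=on; else promisc=off; fi
    echo "state=$state promisc=$promisc"
}

# Print the current received-packet counter for interface $1.
rx_packets() {
    cat "$SYSFS_NET/$1/statistics/rx_packets"
}

# Print how many packets interface $1 received during $2 seconds.
rx_delta() {
    before=$(rx_packets "$1") || return 1
    sleep "$2"
    after=$(rx_packets "$1") || return 1
    echo $(( $after - $before ))
}

# Report on interface $1 over $2 seconds.
# Returns 1 if the interface is missing, 2 if its link is down.
span_check() {
    status=$(iface_status "$1") || { echo "$1: no such interface"; return 1; }
    case "$status" in
        *down*) echo "$1: $status (connection is not up)"; return 2 ;;
    esac
    echo "$1: $status rx_packets_in_${2}s=$(rx_delta "$1" "$2")"
}

# Usage: sh span_check.sh eno4 10   (host)   or   sh span_check.sh eth1 10   (VM)
if [ -n "${1:-}" ]; then
    span_check "$1" "${2:-5}"
fi
```

A large gap between the host count and the guest count over the same interval points at the bridge or the connection state rather than at the SPAN source.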