The network flow data analysis community has long recognized that robust network defense requires fusion with other comprehensive data sources such as DNS, log data, threat data, system-level metadata and (ideally) full packet capture. In such a complex enterprise, it helps to have a clear conceptual framework for the analytic goals, to guide the design and reveal missing capabilities. I here present such a framework based on Multisensor Data Fusion, with specific consequences for data collection and analysis.