PM WIN-T TMD Fight the Network (FTN) / FAVA,

Presented at Flocon 2014 by

FTN is a project that was started in 2007 to support US Forces in both Afghanistan and Iraq with customized data collection and analysis capabilities geared towards tactical networks. FTN accomplishes this mission through support personnel who instrument and harvest data from COTS systems, and through a custom software application that merges Netflow with other data sources and provides an intuitive interface for general-purpose analysis and visualization. An important part of this support is provided by the in-house development of the FTN Analysis and Visualization Application (FAVA). FAVA is a lightweight executable that integrates with, and leverages data from, the existing suite of fielded NetOps capabilities for the "heavy lifting" associated with data collection and storage. FAVA's strength is its flexibility: it can integrate data from many existing NetOps tools and data products, so it can leverage the existing Division NetOps suite. FAVA provides context-sensitive (temporal, echelon, device, etc.) analysis, investigation, visualization and reporting beyond the individual COTS capabilities. Over the years the FTN team has learned that, by merging Netflow data with other data sources, FAVA can provide critical analysis capabilities that would not otherwise be available with Netflow alone. When merging Netflow data with a unit's Mission Command Systems inventory, FAVA can group and filter network activity by organization down to a granular level through a unit hierarchy tree view. When merging Netflow data with classified situation reports from the Intelligence System, FAVA can overlay network activity and operational events on a visual timeline. This allows visual cause-effect correlation between operational (and custom user) events and network utilization. When merging Netflow with detailed host information, FAVA can map Netflow IP addresses to specific echelons, hosts and C4ISR platforms.
When merging Netflow data with IP reputation databases, FAVA can identify malicious network behavior and support targeted cyber analysis. This gives the Warfighter actionable intelligence and valuable network situational awareness. Should a cyber-security incident occur, FAVA allows the incident handler to view all the network elements involved in the incident and take decisive responsive action. This cross-correlation of data assists military leaders with "big-picture" data confidence and decision support. As FAVA continues to mature, FTN personnel continually research methods for leveraging existing resources together with Netflow to provide robust analysis capabilities with minimal overhead.
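The three joins the abstract describes (Netflow against a unit inventory for echelon roll-ups, against operational events for a timeline, and against an IP reputation list to surface the hosts an incident handler should look at first) can be sketched in a few dozen lines. The following is an added illustration, not FAVA's code or any part of the FTN project; every IP address, hostname, unit path, reputation entry and event below is constructed for the example and the record layout is a simplified stand-in for real Netflow export fields.

```python
"""Added example: enriching Netflow-style records with a host inventory,
operational events and an IP reputation list, in the spirit of the
FTN/FAVA abstract. All data here is constructed; none of it comes from
FAVA or from any real network."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed Mission Command Systems inventory: host IP -> (unit path, hostname)
INVENTORY = {
    "10.1.1.10": ("1 BDE/1-1 BN/A CO", "a-co-mcs-01"),
    "10.1.1.11": ("1 BDE/1-1 BN/A CO", "a-co-cpof-02"),
    "10.1.2.20": ("1 BDE/1-1 BN/B CO", "b-co-mcs-01"),
    "10.2.1.30": ("2 BDE/2-1 BN/C CO", "c-co-jbcp-05"),
}

# Constructed reputation list: external IP -> category (documentation ranges only)
REPUTATION = {
    "203.0.113.7": "known-c2",
    "198.51.100.9": "scanner",
}

# Constructed Netflow-like records: (src, dst, dport, bytes, first_seen)
FLOWS = [
    ("10.1.1.10", "192.0.2.1", 443, 1200, "2014-01-01T10:00:00"),
    ("10.1.1.11", "203.0.113.7", 8080, 5400, "2014-01-01T10:05:00"),
    ("10.1.2.20", "203.0.113.7", 8080, 300, "2014-01-01T10:06:00"),
    ("10.2.1.30", "198.51.100.9", 22, 90, "2014-01-01T10:07:00"),
    ("10.2.1.30", "192.0.2.1", 443, 1000, "2014-01-01T10:08:00"),
]

# Constructed operational events to overlay on the flow timeline
EVENTS = [("2014-01-01T10:05:00", "constructed event: A CO reports SATCOM degraded")]


@dataclass
class EnrichedFlow:
    src: str
    dst: str
    dport: int
    nbytes: int
    first_seen: str
    echelon: str      # unit path from the inventory, or "unknown"
    hostname: str     # inventory hostname, or the raw IP if unmapped
    reputation: str   # category for dst, or "" if dst is not listed


def enrich(flows, inventory=INVENTORY, reputation=REPUTATION):
    """Join each flow with the inventory (by source IP) and reputation list (by destination)."""
    out = []
    for src, dst, dport, nbytes, ts in flows:
        echelon, host = inventory.get(src, ("unknown", src))
        out.append(EnrichedFlow(src, dst, dport, nbytes, ts, echelon, host, reputation.get(dst, "")))
    return out


def bytes_by_echelon(enriched, depth=None):
    """Roll bytes up the unit hierarchy; depth=1 gives brigade totals, None the full path."""
    totals = defaultdict(int)
    for f in enriched:
        parts = f.echelon.split("/")
        key = "/".join(parts[:depth]) if depth else f.echelon
        totals[key] += f.nbytes
    return dict(totals)


def flagged_hosts(enriched):
    """Hosts that exchanged traffic with a listed IP, grouped by reputation category:
    the set of network elements an incident handler would pull up first."""
    hits = defaultdict(set)
    for f in enriched:
        if f.reputation:
            hits[f.reputation].add((f.hostname, f.echelon, f.dst))
    return {cat: sorted(v) for cat, v in hits.items()}


def timeline(enriched, events, bucket_minutes=5):
    """Bucket flow bytes by time and attach operational events to the same buckets,
    so a spike and the event that may explain it sit on one row."""
    def bucket(ts):
        t = datetime.fromisoformat(ts)
        return t.replace(minute=t.minute - t.minute % bucket_minutes, second=0, microsecond=0)
    rows = defaultdict(lambda: [0, []])
    for f in enriched:
        rows[bucket(f.first_seen)][0] += f.nbytes
    for ts, label in events:
        rows[bucket(ts)][1].append(label)
    return [(b.isoformat(), nb, ev) for b, (nb, ev) in sorted(rows.items())]


if __name__ == "__main__":
    e = enrich(FLOWS)
    for unit, nb in sorted(bytes_by_echelon(e, depth=1).items()):
        print(f"{unit:8s} {nb:>6d} bytes")
    for cat, hosts in flagged_hosts(e).items():
        print(cat, hosts)
    for row in timeline(e, EVENTS):
        print(row)
```

The inventory join is keyed on the internal source address only; a production tool would also key on the destination for inbound flows and handle address reuse over time, which the static dictionary above ignores.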