After working with support apparently for devices that perform NAT (such as netflow export from a Palo Alto Firewall) where the flow includes an IP that is NATTED you can only see some of the IPs involved in the actual NTA conversation.
Example 1 (no NAT):
10.10.10.1 access an internal IP 10.20.20.20.
In NTA you see a conversation between 10.10.10.1 and 10.20.20.20
10.10.10.1 access a public website 126.96.36.199, the firewall NATs all outbound traffic to the internet to a public IP of 188.8.131.52
In NTA you only see a conversation between 184.108.40.206 and 220.127.116.11
This is not very useful as you cannot see the actual LAN host/IP in the conversation (10.10.10.1).
All IPs are being sent via netflow as seen in packet captures on Orion.
Simply add four fields in NTA showing SRCADDR, Post NAT Source IPv4 Addres, DSTADDR, Post Nat Destination IPv4 Address when you drill into conversations. This would allow anyone with a device performing NAT and sending flows with NAT involved to drill in and see the relevant information needed.