In the context of log analysis, which element helps describe the impact of an attack?

Describing the outcome or damage from a security incident is essential in log analysis. The impact element captures the consequences of the attack, such as which assets were affected, how long services were down, whether data was lost or exposed, and the overall effect on confidentiality, integrity, and availability. This information helps responders gauge severity, prioritize actions, and communicate risk to stakeholders. For example, if an intrusion leads to a multi-hour outage and data exposure, the impact field records that severity, guiding response and remediation decisions. Other elements focus on who started the activity (initiator), the order of events (sequence of actions), or the technique used (attack pattern); while informative, they don’t describe the resulting damage or disruption as directly as the impact does.