Which role is responsible for determining what happened on an affected network?

The role responsible for determining what happened on an affected network is the Security Analyst. A Security Analyst evaluates security incidents, analyzes potential threats, and assesses the impact of security breaches on the network. They collect and examine logs, alerts, and other relevant data to investigate the incident, understand how it occurred, and identify affected systems. This role is crucial in providing insights that guide the response to the incident and help improve the overall security posture of the organization.

While other roles play important parts in the incident response process, the Security Analyst is typically focused on the investigation aspect, gathering intelligence on the attack vector, and providing a comprehensive overview of the security incident for remediation and reporting purposes.