In the NIST incident response lifecycle, the primary objective of containment is to

Enhance your cyber defense skills with the Security Blue Team Level 1 Test. Prepare with flashcards, multiple choice questions, and detailed explanations to ace your exam!

Multiple Choice

In the NIST incident response lifecycle, the primary objective of containment is to

Explanation:
Containment focuses on stopping the incident from causing more harm and preventing it from spreading to additional systems. In practice, this means quick actions like isolating compromised hosts, segmenting affected networks, and blocking attacker communication to curb the blast radius. The goal is to keep damage contained long enough to finish analysis and begin eradication without letting the incident cascade further. Restoring normal operations belongs to recovery, and eliminating all malicious artifacts is part of eradication and cleanup after containment. Informing stakeholders is important but belongs to coordination and communication, not the primary aim of containment. So the best choice is preventing further damage and limiting spread.

