The primary objective of conducting a 'lessons learned' session following an incident is to discuss what was successful and what could have been done better during the incident response. This includes analyzing the incident from detection to recovery, identifying any gaps in the response procedures, and recommending improvements to the incident response plan to prevent future breaches or reduce their impact. 'Documenting the attack vectors' and 'conducting employee disciplinary review' may be a part of the overall review process, but they are not the primary objectives. 'Planning for unplanned system outages' is an activity related to business continuity and disaster recovery planning, not specifically tied to the lessons learned from incident response.