
Abstract

Nowadays, the electronic form of exchanges offers a new medium that makes all information easy to access, ubiquitously, everywhere and at any time. But, at the same time, such a medium - new, open and complex - introduces unknown threats and breaches. So, how can we establish trusted exchanges? From the system theory point of view, cybernetic regulation maintains the equilibrium of systems with negative feedback loops. In this way, the defense line is based on a set of defense components, also called the Demilitarized Zone (DMZ), in order to block flows, control anomalies and issue alert messages if deviations are detected. Nevertheless, most of these messages concern only anomalies of machines and very few concern humans. So, messages take into account neither psychological behavior nor the dynamics of the context. Furthermore, messages suffer from the "big data" problem and become confused due to too much velocity, volume and variety. Ultimately, we can reduce this problem to the difficulty of understanding when accessing the specific knowledge connected with the message. For example, identity theft with the XSS attack is an illustration of this unfriendly environment.

On the contrary, the life sciences show that organisms follow a positive regulation in which each one adapts itself according to its complexity. For that, they deploy an adapted and continuous environment monitoring process, also called "homeostasis". During this cycle, inputs capture information, then outputs adjust the corresponding actions in response: this is the feedback. The strength of such a mechanism lies in the meaning of the information and in particular in the clues it includes. In fact, some of this information includes clues by which organisms can explain situations. For example, the information "attention" alludes to a dangerous situation. This faculty comes from advanced knowledge that first has an explicit relationship with this information: this relation forms what we call the "cognitive loop". To illustrate this phenomenon, the cognitive sciences often evoke "a friend immediately recognized by his friend" even though he is swallowed up in the crowd. But the cognitive loop should not be broken.

Like the functioning of living beings, our work proposes a cognitive model named Diagnostic And Incident Model (DIM). The main idea rests on a context-aware model that adapts itself, like "homeostasis". DIM is founded on the principle of the "cognitive loop", where the inputs are the "logs" of digital systems. So, in order to make the comparison between contextual and known situations easier, we will design "logs" and advanced knowledge using a common model. DIM proposes a conceptual structure to extract clues from massive and varied "logs" issued from the environment, based on advanced knowledge acquisition. Then, we propose that the cognitive structure be applied to anomaly detection, incident management and the diagnosis process.
