diff --git a/conf/template/pengwyn/bblayers.conf.sample b/conf/template/pengwyn/bblayers.conf.sample
new file mode 100644
index 0000000..8af420c
--- /dev/null
+++ b/conf/template/pengwyn/bblayers.conf.sample
@@ -0,0 +1,26 @@
+# POKY_BBLAYERS_CONF_VERSION is increased each time build/conf/bblayers.conf
+# changes incompatibly
+POKY_BBLAYERS_CONF_VERSION = "2"
+
+BBPATH = "${TOPDIR}"
+BSPPATH = "${TOPDIR}/.."
+BBFILES ?= ""
+
+BBLAYERS ?= " \
+ ${BSPPATH}/meta-pengwyn \
+ ${BSPPATH}/poky/meta \
+ ${BSPPATH}/poky/meta-poky \
+ ${BSPPATH}/poky/meta-yocto-bsp \
+ ${BSPPATH}/meta-openembedded/meta-oe \
+ ${BSPPATH}/meta-openembedded/meta-python \
+ ${BSPPATH}/meta-openembedded/meta-networking \
+ ${BSPPATH}/meta-openembedded/meta-filesystems \
+ ${BSPPATH}/meta-openembedded/meta-perl \
+ ${BSPPATH}/meta-arm/meta-arm-toolchain \
+ ${BSPPATH}/meta-arm/meta-arm \
+ ${BSPPATH}/meta-ti/meta-ti-bsp \
+ ${BSPPATH}/meta-security \
+ ${BSPPATH}/meta-security/meta-security-compliance \
+ ${BSPPATH}/meta-cyber-scle \
+ ${BSPPATH}/meta-perso \
+"
diff --git a/conf/template/bblayers.conf.sample b/conf/template/rpi/bblayers.conf.sample
similarity index 100%
rename from conf/template/bblayers.conf.sample
rename to conf/template/rpi/bblayers.conf.sample
diff --git a/recipes-scanners/wazuh/wazuh-agent_4.4.0.bb b/recipes-scanners/wazuh/wazuh-agent_4.4.0.bb
new file mode 100644
index 0000000..d179698
--- /dev/null
+++ b/recipes-scanners/wazuh/wazuh-agent_4.4.0.bb
@@ -0,0 +1,253 @@
+# Copyright (C) 2023 Vincent BENOIT
+# Release under the MIT license (see COPYING.MIT for the terms)
+HOMEPAGE = "https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-linux.html"
+SUMMARY = "The agent runs on the host you want to monitor and communicates with the Wazuh server"
+MAINTAINER = "Vincent BENOIT "
+LIC_FILES_CHKSUM = "file://LICENSE;md5=i522ae3a9266aa0b86a5f314c85dbb560"
+LICENSE = "CLOSED"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+DEPENDS = "curl-native \
+ audit-userspace \
+ cjson \
+ curl \
+ libffi \
+ procps \
+ openssl \
+ libyaml \
+ libdbi \
+ libffi \
+ libyaml \
+ openssl \
+ procps \
+ sqlite3 \
+ zlib \
+ bzip2 \
+ nlohmann-json \
+ googletest \
+ libpcre2 \
+ libplist \
+ libarchive \
+ popt \
+ msgpack-c \
+ rpm \
+ cmake-native \
+ wazuh-users \
+ "
+
+RDEPENDS:${PN} += "wazuh-users"
+
+inherit systemd
+
+SRC_URI = " \
+ git://github.com/wazuh/wazuh.git;protocol=https;branch=master \
+ file://ossec.conf \
+ file://wazuh-agent.service \
+ file://0001-Makefile.patch \
+ file://0002-headers-correction.patch \
+ file://0003-CMakeLists.patch \
+ "
+
+SRCREV = "c7fc9bac7ccfdda6edfa6befc77545533ded039b"
+PV = "4.4.0"
+S = "${WORKDIR}/git"
+
+SYSTEMD_AUTO_ENABLE = "enable"
+SYSTEMD_SERVICE:${PN} = "wazuh-agent.service"
+
+EXTRA_OEMAKE = ' \
+ CC="${CC}" \
+ CXX="${CXX}" \
+ RANLIB="${RANLIB}" \
+ AR="${AR}" \
+ CFLAGS="${CFLAGS} -I${STAGING_INCDIR} -I${STAGING_INCDIR}/cjson -I${STAGING_INCDIR}/curl" \
+ LDFLAGS="-Wl,--sysroot=${STAGING_DIR_TARGET} -L${STAGING_LIBDIR} -lm -lcjson -lssl -lcrypto -lpcre2-8 -lz -lsqlite3 -lyaml -lcurl -lmsgpackc -laudit -lprocps" \
+ CMAKE_OPTS="-DSTAGING_DIR=${STAGING_DIR_TARGET}" \
+ '
+do_compile() {
+ (cd src && oe_runmake TARGET=agent INSTALLDIR="/var/ossec")
+}
+
+do_install() {
+ install -d ${D}${systemd_unitdir}/system/
+ install -m 0644 ${WORKDIR}/wazuh-agent.service ${D}${systemd_unitdir}/system/
+
+ install -d -o root -g wazuh ${D}/var/ossec
+ install -d ${D}/var/ossec/lib
+ install -m 0750 -o root -g wazuh ${S}/src/libwazuhext.so ${D}/var/ossec/lib/
+ install -m 0750 -o root -g wazuh ${S}/src/libwazuhshared.so ${D}/var/ossec/lib/
+ install -m 0750 -o root -g wazuh ${S}/src/shared_modules/dbsync/build/lib/libdbsync.so ${D}/var/ossec/lib/
+ install -m 0750 -o root -g wazuh ${S}/src/shared_modules/rsync/build/lib/librsync.so ${D}/var/ossec/lib/
+ install -m 0750 -o root -g wazuh ${S}/src/syscheckd/build/lib/libfimdb.so ${D}/var/ossec/lib/
+
+ chrpath -d ${D}/var/ossec/lib/libfimdb.so
+ chrpath -d ${D}/var/ossec/lib/librsync.so
+ chrpath -d ${D}/var/ossec/lib/libdbsync.so
+
+ install -d ${D}/var/ossec/bin
+ install -m 0750 ${S}/src/wazuh-agentd ${D}/var/ossec/bin/
+ install -m 0750 ${S}/src/agent-auth ${D}/var/ossec/bin/
+ install -m 0750 ${S}/src/wazuh-logcollector ${D}/var/ossec/bin/
+ install -m 0750 ${S}/src/syscheckd/build/bin/wazuh-syscheckd ${D}/var/ossec/bin/
+ install -m 0750 ${S}/src/wazuh-execd ${D}/var/ossec/bin/
+ install -m 0750 ${S}/src/manage_agents ${D}/var/ossec/bin/
+ install -m 0750 ${S}/src/wazuh-modulesd ${D}/var/ossec/bin/
+ install -m 0750 ${S}/src/init/wazuh-client.sh ${D}/var/ossec/bin/wazuh-control
+
+ chrpath -d ${D}/var/ossec/bin/wazuh-syscheckd
+
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/tmp
+
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/queue
+ install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/rids
+ install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/alerts
+ install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/sockets
+ install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/diff
+ install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/fim
+ install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/fim/db
+ install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/syscollector
+ install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/syscollector/db
+ install -m 0640 ${S}/src/wazuh_modules/syscollector/norm_config.json ${D}/var/ossec/queue/syscollector/
+ chown root:wazuh ${D}/var/ossec/queue/syscollector/norm_config.json
+ install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/logcollector
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/incoming
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/generic
+ install -m 0640 -o root -g wazuh ${S}/ruleset/sca/generic/*.yml ${D}/var/ossec/ruleset/sca/generic/
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/mongodb
+ install -m 0640 -o root -g wazuh ${S}/ruleset/sca/mongodb/*.yml ${D}/var/ossec/ruleset/sca/mongodb/
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/applications
+ install -m 0640 -o root -g wazuh ${S}/ruleset/sca/applications/*.yml ${D}/var/ossec/ruleset/sca/applications/
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/nginx
+ install -m 0640 -o root -g wazuh ${S}/ruleset/sca/nginx/*.yml ${D}/var/ossec/ruleset/sca/nginx/
+
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/gcloud
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/gcloud/pubsub
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/gcloud/buckets
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/var/wodles
+ install -m 0750 -o root -g wazuh ${S}/wodles/__init__.py ${D}/var/ossec/wodles/
+ install -m 0750 -o root -g wazuh ${S}/wodles/utils.py ${D}/var/ossec/wodles/
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/aws
+ install -m 0750 -o root -g wazuh ${S}/wodles/aws/aws_s3.py ${D}/var/ossec/wodles/aws/aws-s3
+ install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/gcloud.py ${D}/var/ossec/wodles/gcloud/gcloud
+ install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/integration.py ${D}/var/ossec/wodles/gcloud/
+ install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/tools.py ${D}/var/ossec/wodles/gcloud/
+ install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/exceptions.py ${D}/var/ossec/wodles/gcloud/
+ install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/buckets/bucket.py ${D}/var/ossec/wodles/gcloud/buckets/
+ install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/buckets/access_logs.py ${D}/var/ossec/wodles/gcloud/buckets/
+ install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/pubsub/subscriber.py ${D}/var/ossec/wodles/gcloud/pubsub/
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/docker
+ install -m 0750 -o root -g wazuh ${S}/wodles/docker-listener/DockerListener.py ${D}/var/ossec/wodles/docker/DockerListener
+ install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/azure
+ install -m 0750 -o root -g wazuh ${S}/wodles/azure/azure-logs.py ${D}/var/ossec/wodles/azure/azure-logs
+ install -m 0750 -o root -g wazuh ${S}/wodles/azure/orm.py ${D}/var/ossec/wodles/azure/
+
+ install -d -o wazuh -g wazuh ${D}/var/ossec/etc
+ install -d -o root -g wazuh ${D}/var/ossec/etc/shared
+ install -m 0660 -o root -g wazuh ${WORKDIR}/ossec.conf ${D}/var/ossec/etc/
+ install -m 0660 -o root -g wazuh ${S}/ruleset/rootcheck/db/*.txt ${D}/var/ossec/etc/shared/
+ install -m 0640 -o root -g wazuh ${S}/etc/wpk_root.pem ${D}/var/ossec/etc/
+ touch ${D}/var/ossec/etc/client.keys
+ chown -R root:wazuh ${D}/var/ossec/etc/client.keys
+
+ install -m 0640 -o root -g wazuh ${S}/etc/internal_options.conf ${D}/var/ossec/etc/
+ install -m 0640 -o root -g wazuh ${S}/etc/local_internal_options.conf ${D}/var/ossec/etc/
+
+ install -d -o root -g wazuh ${D}/var/ossec/active-response
+ install -d -o root -g wazuh ${D}/var/ossec/active-response/bin
+ install -m 0750 -o root -g wazuh ${S}/src/firewalld-drop ${D}/var/ossec/active-response/bin/
+ install -m 0750 -o root -g wazuh ${S}/src/wazuh-slack ${D}/var/ossec/active-response/bin/
+ install -m 0750 -o root -g wazuh ${S}/src/route-null ${D}/var/ossec/active-response/bin/
+ install -m 0750 -o root -g wazuh ${S}/src/restart-wazuh ${D}/var/ossec/active-response/bin/
+ install -m 0750 -o root -g wazuh ${S}/src/kaspersky ${D}/var/ossec/active-response/bin/
+ install -m 0750 -o root -g wazuh ${S}/src/ip-customblock ${D}/var/ossec/active-response/bin/
+ install -m 0750 -o root -g wazuh ${S}/src/pf ${D}/var/ossec/active-response/bin/
+ install -m 0750 -o root -g wazuh ${S}/src/npf ${D}/var/ossec/active-response/bin/
+ install -m 0750 -o root -g wazuh ${S}/src/ipfw ${D}/var/ossec/active-response/bin/
+ install -m 0750 -o root -g wazuh ${S}/src/default-firewall-drop ${D}/var/ossec/active-response/bin/
+ install -m 0750 -o root -g wazuh ${S}/src/disable-account ${D}/var/ossec/active-response/bin/
+ install -m 0750 -o root -g wazuh ${S}/src/host-deny ${D}/var/ossec/active-response/bin/
+ install -m 0750 -o root -g wazuh ${S}/src/active-response/kaspersky.py ${D}/var/ossec/active-response/bin/
+ install -m 0750 -o root -g wazuh ${S}/src/active-response/restart.sh ${D}/var/ossec/active-response/bin/
+
+ install -d -o root -g wazuh ${D}/var/ossec/agentless
+ install -m 0750 -o root -g wazuh ${S}/src/agentlessd/scripts/* ${D}/var/ossec/agentless/
+
+ install -d -o root -g wazuh ${D}/var/ossec/var
+ install -d -o wazuh -g wazuh ${D}/var/ossec/var/run
+ install -d -o root -g wazuh ${D}/var/ossec/var/upgrade
+ install -d -o root -g wazuh ${D}/var/ossec/var/selinux
+ install -d -o root -g wazuh ${D}/var/ossec/var/incoming
+ install -d -o root -g wazuh ${D}/var/ossec/backup
+
+ install -d -o wazuh -g wazuh ${D}/var/ossec/logs
+ touch ${D}/var/ossec/logs/ossec.log
+ chown -R wazuh:wazuh ${D}/var/ossec/logs/ossec.log
+
+ touch ${D}/var/ossec/logs/ossec.json
+ chown -R wazuh:wazuh ${D}/var/ossec/logs/ossec.json
+ install -d -o wazuh -g wazuh ${D}/var/ossec/logs/wazuh
+}
+
+FILES:${PN} += " \
+ ${systemd_unitdir}/system/wazuh-agent.service \
+ /var/ossec/lib/libwazuhext.so \
+ /var/ossec/lib/libwazuhshared.so \
+ /var/ossec/lib/libdbsync.so \
+ /var/ossec/lib/librsync.so \
+ /var/ossec/lib/libfimdb.so \
+ /var/ossec/bin/wazuh-agentd \
+ /var/ossec/bin/agent-auth \
+ /var/ossec/bin/wazuh-logcollector \
+ /var/ossec/bin/wazuh-syscheckd \
+ /var/ossec/bin/wazuh-execd \
+ /var/ossec/bin/manage_agents \
+ /var/ossec/bin/wazuh-modulesd \
+ /var/ossec/bin/wazuh-control \
+ /var/ossec/etc/ossec.conf \
+ /var/ossec/etc/shared/*.txt \
+ /var/ossec/etc/wpk_root.pem \
+ /var/ossec/etc/client.keys \
+ /var/ossec/etc/internal_options.conf \
+ /var/ossec/etc/local_internal_options.conf \
+ /var/ossec/active-response/bin/firewalld-drop \
+ /var/ossec/active-response/bin/wazuh-slack \
+ /var/ossec/active-response/bin/route-null \
+ /var/ossec/active-response/bin/restart-wazuh \
+ /var/ossec/active-response/bin/kaspersky \
+ /var/ossec/active-response/bin/ip-customblock \
+ /var/ossec/active-response/bin/pf \
+ /var/ossec/active-response/bin/npf \
+ /var/ossec/active-response/bin/ipfw \
+ /var/ossec/active-response/bin/default-firewall-drop \
+ /var/ossec/active-response/bin/disable-account \
+ /var/ossec/active-response/bin/host-deny \
+ /var/ossec/active-response/bin/kapersky.py \
+ /var/ossec/active-response/bin/restart.sh \
+ /var/ossec/ruleset/sca/generic/*.yml \
+ /var/ossec/ruleset/sca/mongodb/*.yml \
+ /var/ossec/ruleset/sca/applications/*.yml \
+ /var/ossec/ruleset/sca/nginx/*.yml \
+ /var/ossec/wodles/__init__.py \
+ /var/ossec/wodles/utils.py \
+ /var/ossec/wodles/aws/aws-s3 \
+ /var/ossec/wodles/gcloud/gcloud \
+ /var/ossec/wodles/gcloud/integration.py \
+ /var/ossec/wodles/gcloud/tools.py \
+ /var/ossec/wodles/gcloud/exceptions.py \
+ /var/ossec/wodles/gcloud/buckets/bucket.py \
+ /var/ossec/wodles/gcloud/buckets/access_logs.py \
+ /var/ossec/wodles/gcloud/pubsub/subscriber.py \
+ /var/ossec/wodles/docker/DockerListener \
+ /var/ossec/wodles/azure/azure-logs \
+ /var/ossec/wodles/azure/orm.py \
+ /var/ossec/agentless/* \
+ /var/ossec/logs/ossec.log \
+ /var/ossec/logs/ossec.json \
+ "
+
+INSANE_SKIP:${PN} = "ldflags already-stripped"
+#For dev packages only
+INSANE_SKIP:${PN}-dev = "ldflags already-stripped"
diff --git a/recipes-scanners/wazuh/wazuh-agent_4.7.0.bb b/recipes-scanners/wazuh/wazuh-agent_4.7.0.bb.old
similarity index 99%
rename from recipes-scanners/wazuh/wazuh-agent_4.7.0.bb
rename to recipes-scanners/wazuh/wazuh-agent_4.7.0.bb.old
index 115d30d..2f59c9d 100644
--- a/recipes-scanners/wazuh/wazuh-agent_4.7.0.bb
+++ b/recipes-scanners/wazuh/wazuh-agent_4.7.0.bb.old
@@ -176,7 +176,7 @@ do_install() { install -m 0750 -o root -g wazuh ${S}/src/agentlessd/scripts/* ${D}/var/ossec/agentless/ install -d -o root -g wazuh ${D}/var/ossec/var
- install -d -o root -g wazuh ${D}/var/ossec/var/run
+ install -d -o wazuh -g wazuh ${D}/var/ossec/var/run
 install -d -o root -g wazuh ${D}/var/ossec/var/upgrade install -d -o root -g wazuh ${D}/var/ossec/var/selinux install -d -o root -g wazuh ${D}/var/ossec/var/incoming
diff --git a/scripts/envsetup.sh b/scripts/envsetup.sh
index 4e03359..7445b19 100644
--- a/scripts/envsetup.sh
+++ b/scripts/envsetup.sh
@@ -31,11 +31,11 @@ then fi if [ "a${DISTRO}" = "a" ]; then
- DISTRO="rpi-distro"
+ DISTRO="pengwyn-distro"
 fi if [ "a${MACHINE}" = "a" ]; then
- MACHINE="raspberrypi"
+ MACHINE="pengwyn"
 fi if [ "a${VERS}" = "a" ]; then
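Review bot: In `do_install` of wazuh-agent_4.4.0.bb, `etc/client.keys`, `logs/ossec.log` and `logs/ossec.json` are created with `touch` and then only `chown`ed, so their mode is whatever the task umask yields (typically 0644) instead of an explicit restrictive one. `client.keys` holds the agent's key for authenticating to the manager, and `/var/ossec/etc` is created without an explicit mode, so on the target the key file is likely world-readable unless the agent resets the mode at enrolment. Every other regular file in the function is installed with `-m`; do the same here, e.g. `install -m 0640 -o root -g wazuh /dev/null ${D}/var/ossec/etc/client.keys` and `install -m 0660 -o wazuh -g wazuh /dev/null ${D}/var/ossec/logs/ossec.log` (likewise for `ossec.json`). Separately, `EXTRA_OEMAKE` passes an `LDFLAGS` that replaces rather than extends `${LDFLAGS}` and the `ldflags` entry in `INSANE_SKIP` hides the resulting QA warning, so any link-time hardening the distro configures is presumably lost for these daemons; prefer `LDFLAGS="${LDFLAGS} -L${STAGING_LIBDIR} …"` and drop that skip. The `FILES:${PN}` entry `active-response/bin/kapersky.py` is also misspelled against the installed `kaspersky.py`.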
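Review bot: Renaming `wazuh-agent_4.7.0.bb` to `wazuh-agent_4.7.0.bb.old` leaves a dead recipe in the tree, and the `var/run` ownership change in this hunk lands in a file that BitBake presumably no longer parses, since layer `BBFILES` patterns usually match `*.bb` only. Together with the new 4.4.0 recipe this moves the image to an older release of a security agent, which would drop whatever upstream fixes landed between the two versions; the reason for the downgrade should be recorded in the commit message or a comment at the top of the 4.4.0 recipe. If both versions must coexist, keep the `.bb` name and pin the version with `PREFERRED_VERSION` in the distro or machine configuration; otherwise delete the file and rely on git history.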