diff --git a/conf/distro/rpi-distro.conf b/conf/distro/rpi-distro.conf
new file mode 100644
index 0000000..71b9733
--- /dev/null
+++ b/conf/distro/rpi-distro.conf
@@ -0,0 +1,58 @@
+#PACKAGE_CLASSES ?= "package_deb"
+
+DISTRO_VERSION = "1.0.0"
+DISTRO_NAME = "RPI Distro"
+
+SDK_VENDOR = "-benserv"
+SDK_VERSION = "${DISTRO_VERSION}"
+MAINTENER = "vincent.benoit@benserv.fr"
+
+# Image Rootfs type and size
+IMAGE_FSTYPES = "tar.bz2 ext4 ext4.xz rpi-sdimg"
+SDIMG_ROOTFS_TYPE = "ext4.xz"
+# define a multiplier that the build system apllies to
+# the initial image size (4Go freespace)
+#IMAGE_OVERHEAD_FACTOR = "2"
+IMAGE_ROOTFS_EXTRA_SPACE = "4194304"
+
+# rpi specific
+DISABLE_OVERSCAN = "1"
+BOOT_DELAY = "0"
+BOOT_DELAY_MS = "0"
+DISABLE_RPI_BOOT_LOGO = "1"
+DISABLE_SPLASH = "1"
+ENABLE_I2C = "1"
+ENABLE_UART = "1"
+#KERNEL_MODULE_AUTOLOAD:rpi += "i2c-dev i2c-bcm2708 rtc-ds1307"
+CMDLINE_SERIAL = "console=tty1"
+#RPI_EXTRA_CONFIG = ' \n \
+## Yocto Extra config \n \
+#dtoverlay=i2c-rtc,ds3231 \n \
+#'
+
+# mask systemd-serialgetty parsed attribute SERIAL_CONSOLES
+SERIAL_CONSOLES = ""
+
+# Use systemd
+DISTRO_FEATURES += " systemd usbhost ipv4 pam format"
+VIRTUAL-RUNTIME_init_manager = "systemd"
+VIRTUAL_RUNTIME_login_manager = "shadow-base"
+VIRTUAL_RUNTIME_syslog = "rsyslog"
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
+DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
+
+IMAGE_FEATURES += " package-management ssh-server-openssh"
+
+MACHINE_FEATURES = "rtc"
+#KERNEL_MODULE_AUTOLOAD += " i2c-dev"
+
+# set /var/log persistent
+VOLATILE_LOG_DIR = "no"
+
+INHERIT += "rm_work"
+
+# Use extrausers
+INHERIT += "extrausers"
+EXTRA_USERS_PARAMS += "usermod -p '\$6\$kineintercom\$CRdIWTleZDC7c/0pNVlDZy7K56fyf5PVsAGlx27GAY8UX/EjObgmxhMi3YOOs0uLj.da3jMdv.sKFngNFUqFz1' root;"
+
+RM_WORK_EXCLUDE += "wazuh"
diff --git a/conf/layer.conf b/conf/layer.conf
new file mode 100644
index 0000000..9d8109a
--- /dev/null
+++ b/conf/layer.conf
@@ -0,0 +1,14 @@
+# We have a conf and classes directory, add to BBPATH
+BBPATH := "${BBPATH}:${LAYERDIR}"
+
+# We have a packages directory, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb"
+BBFILES += " ${LAYERDIR}/recipes-*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "cyber-scle"
+BBFILE_PATTERN_cyber-scle := "^${LAYERDIR}/"
+BBFILE_PRIORITY_cyber-scle = "11"
+
+#LAYERDEPENDS_cyber-scle = "meta-security"
+
+LAYERSERIES_COMPAT_cyber-scle = "zeus"
diff --git a/conf/template/bblayers.conf.sample b/conf/template/bblayers.conf.sample
new file mode 100644
index 0000000..29a42f6
--- /dev/null
+++ b/conf/template/bblayers.conf.sample
@@ -0,0 +1,23 @@
+# POKY_BBLAYERS_CONF_VERSION is increased each time build/conf/bblayers.conf
+# changes incompatibly
+POKY_BBLAYERS_CONF_VERSION = "2"
+
+BBPATH = "${TOPDIR}"
+BSPPATH = "${TOPDIR}/.."
+BBFILES ?= ""
+
+BBLAYERS ?= " \
+  ${BSPPATH}/poky/meta \
+  ${BSPPATH}/poky/meta-poky \
+  ${BSPPATH}/poky/meta-yocto-bsp \
+  ${BSPPATH}/meta-openembedded/meta-oe \
+  ${BSPPATH}/meta-openembedded/meta-python \
+  ${BSPPATH}/meta-openembedded/meta-networking \
+  ${BSPPATH}/meta-openembedded/meta-webserver \
+  ${BSPPATH}/meta-openembedded/meta-filesystems \
+  ${BSPPATH}/meta-openembedded/meta-perl \
+  ${BSPPATH}/meta-security \
+  ${BSPPATH}/meta-security/meta-security-compliance \
+  ${BSPPATH}/meta-raspberrypi \
+  ${BSPPATH}/meta-cyber-scle \
+"
diff --git a/conf/template/tal/bblayers.conf.sample b/conf/template/tal/bblayers.conf.sample
new file mode 100644
index 0000000..28c5d94
--- /dev/null
+++ b/conf/template/tal/bblayers.conf.sample
@@ -0,0 +1,39 @@
+# POKY_BBLAYERS_CONF_VERSION is increased each time build/conf/bblayers.conf
+# changes incompatibly
+POKY_BBLAYERS_CONF_VERSION = "2"
+
+BBPATH = "${TOPDIR}"
+BSPPATH = "${TOPDIR}/.."
+BBFILES ?= ""
+
+BBLAYERS ?= " \
+  ${BSPPATH}/poky/meta \
+  ${BSPPATH}/poky/meta-poky \
+  ${BSPPATH}/poky/meta-yocto-bsp \
+  ${BSPPATH}/meta-openembedded/meta-oe \
+  ${BSPPATH}/meta-openembedded/meta-multimedia \
+  ${BSPPATH}/meta-openembedded/meta-python \
+  ${BSPPATH}/meta-openembedded/meta-networking \
+  ${BSPPATH}/meta-openembedded/meta-gnome \
+  ${BSPPATH}/meta-openembedded/meta-webserver \
+  ${BSPPATH}/meta-openembedded/meta-filesystems \
+  ${BSPPATH}/meta-openembedded/meta-xfce \
+  ${BSPPATH}/meta-openembedded/meta-perl \
+  ${BSPPATH}/meta-qt5 \
+  ${BSPPATH}/meta-qt5-extra \
+  ${BSPPATH}/meta-rust \
+  ${BSPPATH}/meta-clang \
+  ${BSPPATH}/meta-browser \
+  ${BSPPATH}/meta-selinux \
+  ${BSPPATH}/meta-java \
+  ${BSPPATH}/meta-cp \
+  ${BSPPATH}/meta-cp-tal-se \
+  ${BSPPATH}/meta-emb-arkcp-se \
+  ${BSPPATH}/meta-ihm-arkcp-se \
+  ${BSPPATH}/meta-ihm-raid-arkcp \
+  ${BSPPATH}/meta-configurateur-transfert \
+  ${BSPPATH}/meta-security \
+  ${BSPPATH}/meta-security/meta-security-compliance \
+  ${BSPPATH}/meta-cyber-scle \
+  "
+
diff --git a/recipes-core/images/arkens-image-cybersecurite.bbappend b/recipes-core/images/arkens-image-cybersecurite.bbappend
new file mode 100644
index 0000000..c98dcbb
--- /dev/null
+++ b/recipes-core/images/arkens-image-cybersecurite.bbappend
@@ -0,0 +1,17 @@
+# Copyright (C) 2023 Vincent BENOIT <vincent.benoit@scle.fr>
+# Released under the MIT license (see COPYING.MIT for the terms)
+LICENSE = "CLOSED"
+
+LABELS = "Arkens CP (avec logiciels cybersecurité)"
+include arkens-image.inc
+
+SCLE_USERS += " \
+                  arkens-users-cybersecurite \
+              "
+
+IMAGE_INSTALL += " \
+                  arkens-services-cybersecurite \
+                  lynis \
+                  wazuh-agent \
+                 "
+
diff --git a/recipes-devtools/audit-userspace/audit-userspace_2.8.5.bb b/recipes-devtools/audit-userspace/audit-userspace_2.8.5.bb
new file mode 100644
index 0000000..34d8b2b
--- /dev/null
+++ b/recipes-devtools/audit-userspace/audit-userspace_2.8.5.bb
@@ -0,0 +1,29 @@
+DESCRIPTION = "This is some background information about the Linux Auditing Framework"
+HOMEPAGE = "https://github.com/linux-audit/audit-userspace"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI = "git://github.com/linux-audit/audit-userspace.git;branch=2.8_maintenance;protocol=https"
+SRCREV = "5fae55c1ad15b3cefe6890eba7311af163e9133c"
+
+S = "${WORKDIR}/git"
+
+DEPENDS = "openldap tcp-wrappers coreutils-native python"
+
+RDEPENDS_${PN} += "bash"
+
+EXTRA_OECONF = "--with-python=no \
+                --with-libwrap \
+                --enable-gssapi-krb5=yes \
+                --with-arm --with-aarch64 --with-libcap-ng=yes \
+                --without-golang --enable-systemd"
+
+inherit autotools
+
+do_install_append() {
+	install -m 644 ${S}/lib/private.h ${D}${includedir}
+	install -m 644 ${S}/lib/dso.h ${D}${includedir}
+}
+
+FILES_${PN} += "/usr/lib/systemd/system/auditd.service"
+FILES_${PN}-dev += "lib/private.h lib/dso.h"
diff --git a/recipes-devtools/audit-userspace/files/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch b/recipes-devtools/audit-userspace/files/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch
new file mode 100644
index 0000000..4305dae
--- /dev/null
+++ b/recipes-devtools/audit-userspace/files/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch
@@ -0,0 +1,51 @@
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index 51c4a5e4..337be2dd 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -44,8 +44,10 @@
+ #include <linux/ax25.h>
+ #include <linux/atm.h>
+ #include <linux/x25.h>
+-#include <linux/if.h>   // FIXME: remove when ipx.h is fixed
+-#include <linux/ipx.h>
++#ifdef HAVE_IPX_HEADERS
++  #include <linux/if.h>   // FIXME: remove when ipx.h is fixed
++  #include <linux/ipx.h>
++#endif
+ #include <linux/capability.h>
+ #include <sys/personality.h>
+ #include <sys/prctl.h>
+@@ -1151,6 +1153,7 @@ static const char *print_sockaddr(const char *val)
+ 					      x->sax25_call.ax25_call[6]);
+                         }
+                         break;
++#ifdef HAVE_IPX_HEADERS
+                 case AF_IPX:
+                         {
+                                 const struct sockaddr_ipx *ip =
+@@ -1160,6 +1163,7 @@ static const char *print_sockaddr(const char *val)
+ 					str, ip->sipx_port, ip->sipx_network);
+                         }
+                         break;
++#endif
+                 case AF_ATMPVC:
+                         {
+                                 const struct sockaddr_atmpvc* at =
+diff --git a/configure.ac b/configure.ac
+index 6e345f12..5ff2d78e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -402,6 +402,13 @@ if test x"$LIBWRAP_LIBS" != "x"; then
+ 	AC_DEFINE_UNQUOTED(HAVE_LIBWRAP, [], Define if tcp_wrappers support is enabled )
+ fi
+ 
++# linux/ipx.h - deprecated in 2018
++AC_CHECK_HEADER(linux/ipx.h, ipx_headers=yes, ipx_headers=no)
++if test $ipx_headers = yes ; then
++	AC_DEFINE(HAVE_IPX_HEADERS,1,[IPX packet interpretation])
++fi
++
++
+ # See if we want to support lower capabilities for plugins
+ LIBCAP_NG_PATH
+ 
diff --git a/recipes-devtools/audit-userspace/files/0002-ausearch-common.patch b/recipes-devtools/audit-userspace/files/0002-ausearch-common.patch
new file mode 100644
index 0000000..76666a8
--- /dev/null
+++ b/recipes-devtools/audit-userspace/files/0002-ausearch-common.patch
@@ -0,0 +1,11 @@
+--- a/src/ausearch-common.h
++++ b/src/ausearch-common.h
+@@ -50,7 +50,7 @@ extern pid_t event_pid;
+ extern int event_exact_match;
+ extern uid_t event_uid, event_euid, event_loginuid;
+ extern const char *event_tuid, *event_teuid, *event_tauid;
+-slist *event_node_list;
++extern slist *event_node_list;
+ extern const char *event_comm;
+ extern const char *event_filename;
+ extern const char *event_hostname;
diff --git a/recipes-devtools/cjson/cjson_1.7.15.bb b/recipes-devtools/cjson/cjson_1.7.15.bb
new file mode 100644
index 0000000..200f751
--- /dev/null
+++ b/recipes-devtools/cjson/cjson_1.7.15.bb
@@ -0,0 +1,21 @@
+DESCRIPTION = "Ultralightweight JSON parser in ANSI C"
+AUTHOR = "Dave Gamble"
+HOMEPAGE = "https://github.com/DaveGamble/cJSON"
+SECTION = "libs"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0"
+
+SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https"
+SRCREV = "d348621ca93571343a56862df7de4ff3bc9b5667"
+
+S = "${WORKDIR}/git"
+
+inherit cmake pkgconfig
+
+EXTRA_OECMAKE += "\
+    -DENABLE_CJSON_UTILS=On \
+    -DENABLE_CUSTOM_COMPILER_FLAGS=OFF \
+    -DBUILD_SHARED_AND_STATIC_LIBS=On \
+"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb b/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb
new file mode 100644
index 0000000..5fb54a2
--- /dev/null
+++ b/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb
@@ -0,0 +1,29 @@
+SUMMARY = "JSON for modern C++"
+HOMEPAGE = "https://nlohmann.github.io/json/"
+SECTION = "libs"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE.MIT;md5=f5f7c71504da070bcf4f090205ce1080"
+
+SRC_URI = "git://github.com/nlohmann/json.git;protocol=https;branch=develop"
+
+PV = "3.7.3+git${SRCPV}"
+
+SRCREV = "e7b3b40b5a95bc74b9a7f662830a27c49ffc01b4"
+
+S = "${WORKDIR}/git"
+
+inherit cmake
+
+EXTRA_OECMAKE += "-DJSON_BuildTests=OFF"
+
+# nlohmann-json is a header only C++ library, so the main package will be empty.
+
+RDEPENDS_${PN}-dev = ""
+
+BBCLASSEXTEND = "native nativesdk"
+
+# other packages commonly reference the file directly as "json.hpp"
+# create symlink to allow this usage
+do_install_append() {
+    ln -s nlohmann/json.hpp ${D}${includedir}/json.hpp
+}
diff --git a/recipes-scanners/wazuh/files/0001-Makefile.patch b/recipes-scanners/wazuh/files/0001-Makefile.patch
new file mode 100644
index 0000000..ad20a21
--- /dev/null
+++ b/recipes-scanners/wazuh/files/0001-Makefile.patch
@@ -0,0 +1,275 @@
+diff --git a/src/Makefile b/src/Makefile
+index df5cf62c25..12f41a611f 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -398,7 +398,7 @@ ifeq (,$(filter ${V},YES yes y Y 1))
+ 	QUIET_ENDCOLOR= @printf '%b' ${ENDCOLOR} 1>&2;
+ endif
+ 
+-MING_BASE:=
++#MING_BASE:=
+ ifeq (${TARGET}, winagent)
+ # Avoid passing environment variables such CFLAGS to external Makefiles
+ ifeq (${CC}, gcc)
+@@ -455,8 +455,8 @@ OSSEC_CC      =${QUIET_CC}${MING_BASE}${CC}
+ OSSEC_CCBIN   =${QUIET_CCBIN}${MING_BASE}${CC}
+ OSSEC_CXXBIN  =${QUIET_CCBIN}${MING_BASE}${CXX}
+ OSSEC_SHARED  =${QUIET_CCBIN}${MING_BASE}${CC} -shared
+-OSSEC_LINK    =${QUIET_LINK}${MING_BASE}ar -crus
+-OSSEC_RANLIB  =${QUIET_RANLIB}${MING_BASE}ranlib
++OSSEC_LINK    =${QUIET_LINK}${MING_BASE}${AR} -crus
++OSSEC_RANLIB  =${QUIET_RANLIB}${MING_BASE}${RANLIB}
+ OSSEC_WINDRES =${QUIET_CCBIN}${MING_BASE}windres
+ 
+ 
+@@ -780,8 +780,9 @@ ifeq (${MAKECMDGOALS},agent)
+ $(error Do not use 'agent' directly, use 'TARGET=agent')
+ endif
+ 
+-agent: external ${CPPLIBDEPS}
+-	${MAKE} ${BUILD_CMAKE_PROJECTS}
++#agent: external ${CPPLIBDEPS}
++agent:
++#	${MAKE} ${BUILD_CMAKE_PROJECTS}
+ 	${MAKE} ${BUILD_AGENT}
+ 
+ ifneq (,$(filter ${USE_SELINUX},YES yes y Y 1))
+@@ -914,6 +915,7 @@ ifeq (${uname_S},Darwin)
+ EXTERNAL_LIBS += ${LIBPLIST_LIB}
+ endif
+ 
++EXTERNAL_LIBS :=
+ 
+ .PHONY: external test_external
+ external: test_external $(EXTERNAL_LIBS) $(JEMALLOC_LIB)
+@@ -1002,6 +1004,7 @@ os_zlib_c := os_zlib/os_zlib.c
+ os_zlib_o := $(os_zlib_c:.c=.o)
+ 
+ os_zlib/%.o: os_zlib/%.c
++	@echo "SCLE: os_zlib"
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -c $< -o $@
+ 
+ #### bzip2 ##########
+@@ -1032,10 +1035,12 @@ cjson_c := ${EXTERNAL_JSON}cJSON.c
+ cjson_o := $(cjson_c:.c=.o)
+ 
+ $(JSON_LIB): ${cjson_o}
++	@echo "[SCLE]: PLIP1"
+ 	${OSSEC_LINK} $@ $^
+ 	${OSSEC_RANLIB} $@
+ 
+ ${EXTERNAL_JSON}%.o: ${EXTERNAL_JSON}%.c
++	@echo "[SCLE]: PLIP2"
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -c $^ -o $@
+ 
+ #### libyaml ##########
+@@ -1365,7 +1370,8 @@ endif
+ ####################
+ WAZUHEXT_LIB = libwazuhext.$(SHARED)
+ WAZUH_LIB = libwazuhshared.$(SHARED)
+-BUILD_LIBS = libwazuh.a $(WAZUHEXT_LIB)
++#BUILD_LIBS = libwazuh.a $(WAZUHEXT_LIB)
++BUILD_LIBS = libwazuh.a
+ 
+ $(BUILD_SERVER) $(BUILD_AGENT) $(WINDOWS_BINS) $(WINDOWS_BINS): $(BUILD_LIBS)
+ 
+@@ -1375,6 +1381,7 @@ os_xml_c := $(wildcard os_xml/*.c)
+ os_xml_o := $(os_xml_c:.c=.o)
+ 
+ os_xml/%.o: os_xml/%.c
++	@echo "SCLE: os_xml"
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -c $^ -o $@
+ 
+ #### os_regex ######
+@@ -1383,6 +1390,7 @@ os_regex_c := $(wildcard os_regex/*.c)
+ os_regex_o := $(os_regex_c:.c=.o)
+ 
+ os_regex/%.o: os_regex/%.c
++	@echo "SCLE: os_regex"
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -c $^ -o $@
+ 
+ #### os_net ##########
+@@ -1391,6 +1399,7 @@ os_net_c := $(wildcard os_net/*.c)
+ os_net_o := $(os_net_c:.c=.o)
+ 
+ os_net/%.o: os_net/%.c
++	@echo "SCLE: os_net"
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -c $^ -o $@
+ 
+ #### Shared ##########
+@@ -1565,6 +1574,7 @@ shared_c := $(wildcard shared/*.c)
+ shared_o := $(shared_c:.c=.o)
+ 
+ shared/%.o: shared/%.c
++	@echo "SCLE: shared"
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -DARGV0=\"wazuh-remoted\" -c $^ -o $@
+ 
+ shared/debug_op_proc.o: shared/debug_op.c
+@@ -1596,6 +1606,7 @@ config_c := $(wildcard config/*.c)
+ config_o := $(config_c:.c=.o)
+ 
+ config/%.o: config/%.c
++	@echo "SCLE: config"
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -c $^ -o $@
+ 
+ build_shared_modules: $(WAZUHEXT_LIB)
+@@ -1710,6 +1721,7 @@ os_crypto/signature/%.o: os_crypto/signature/%.c
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -c $< -o $@
+ 
+ analysisd/logmsg.o: analysisd/logmsg.c
++	@echo "SCLE: analysisd/logmsg"
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -c $< -o $@
+ 
+ 
+@@ -1728,6 +1740,7 @@ crypto_o := ${crypto_blowfish_o} \
+ #### libwazuh #########
+ 
+ libwazuh.a: ${config_o} ${wmodules_dep} ${crypto_o} ${shared_o} ${os_net_o} ${os_regex_o} ${os_xml_o} ${os_zlib_o} ${UNIT_TEST_WRAPPERS} os_auth/ssl.o os_auth/check_cert.o addagent/validate.o ${manage_agents} analysisd/logmsg.o
++	echo "SCLE: PLUP1"
+ 	${OSSEC_LINK} $@ $^
+ 	${OSSEC_RANLIB} $@
+ 
+@@ -1737,10 +1750,12 @@ ifeq (${uname_S},Darwin)
+ WAZUH_SHFLAGS=-install_name @rpath/libwazuhext.$(SHARED)
+ 
+ $(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
++	@echo "[SCLE] $(WAZUHEXT_LIB) - SHARED: $(OSSEC_SHARED) - CFLAGS: $(OSSEC_CFLAGS)"
+ 	$(OSSEC_SHARED) $(OSSEC_CFLAGS) $(WAZUH_SHFLAGS) -o $@ -Wl,-all_load $^ -Wl,-noall_load $(OSSEC_LIBS)
+ else
+ ifeq (${TARGET}, winagent)
+ $(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
++	@echo "[SCLE] PLOP5"
+ 	$(OSSEC_SHARED) $(OSSEC_CFLAGS) -o $@ -static-libgcc -Wl,--export-all-symbols -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
+ else
+ ifeq (${uname_S},SunOS)
+@@ -1751,14 +1766,17 @@ LIBGCC_FLAGS := -Wl,-rpath,\$$ORIGIN
+ endif
+ ifeq (${uname_P},sparc)
+ $(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
++	@echo "[SCLE] PLOP6"
+ 	$(OSSEC_SHARED) $(OSSEC_CFLAGS) -mimpure-text -o $@ $(LIBGCC_FLAGS) -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
+ else
+ $(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
++	@echo "[SCLE] PLOP1"
+ 	$(OSSEC_SHARED) $(OSSEC_CFLAGS) -o $@ $(LIBGCC_FLAGS) -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
+ endif
+ else
+ ifneq (,$(filter ${uname_S},AIX HP-UX))
+ $(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
++	@echo "[SCLE] PLOP2"
+ 	mkdir -p libwazuhext;
+ 	find external/ -name \*.a -exec cp {} libwazuhext/ \;
+ 	for lib in libcjson.a libz.a libmsgpack.a libssl.a libcrypto.a libsqlite3.a libyaml.a libpcre2-8.a ; do \
+@@ -1769,6 +1787,7 @@ $(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
+ 
+ else
+ $(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
++	@echo "[SCLE] PLOP3"
+ 	$(OSSEC_SHARED) $(OSSEC_CFLAGS) -o $@ -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
+ endif
+ endif
+@@ -1840,12 +1859,15 @@ os_logcollector_o := $(os_logcollector_c:.c=.o)
+ os_logcollector_eventchannel_o := $(os_logcollector_c:.c=-event.o)
+ 
+ logcollector/%.o: logcollector/%.c
++	@echo "[SCLE] logcollector - OSSEC_CFLAGS: ${OSSEC_CFLAGS}"
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -DARGV0=\"wazuh-logcollector\" -c $^ -o $@
+ 
+ logcollector/%-event.o: logcollector/%.c
++	@echo "[SCLE] logcollector2 - OSSEC_CFLAGS: ${OSSEC_CFLAGS}"
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -DEVENTCHANNEL_SUPPORT -DARGV0=\"wazuh-logcollector\" -c $^ -o $@
+ 
+ wazuh-logcollector: ${os_logcollector_o}
++	@echo "[SCLE] wazuh-logcollector - OSSEC_LDFLAGS: ${OSSEC_LDFLAGS}"
+ 	${OSSEC_CCBIN} ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@
+ 
+ #### remoted #########
+@@ -1865,9 +1887,11 @@ client_agent_c := $(wildcard client-agent/*.c)
+ client_agent_o := $(client_agent_c:.c=.o)
+ 
+ client-agent/%.o: client-agent/%.c
++	@echo "client-agent - OSSEC_CC: ${OSSEC_CC} - OSSEC_CFLAGS: ${OSSEC_CFLAGS}"
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -I./client-agent -DARGV0=\"wazuh-agentd\" -c $^ -o $@
+ 
+ wazuh-agentd: ${client_agent_o} monitord/rotate_log.o monitord/compress_log.o
++	@echo "wazuh-agentd - OSSEC_LDFLAGS: ${OSSEC_LDFLAGS}"
+ 	${OSSEC_CCBIN} ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@
+ 
+ #### addagent ######
+@@ -1876,10 +1900,12 @@ addagent_c := $(wildcard addagent/*.c)
+ addagent_o := $(addagent_c:.c=.o)
+ 
+ addagent/%.o: addagent/%.c
++	@echo "addagent - OSSEC_CFLAGS: ${OSSEC_CFLAGS}"
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -I./addagent -DARGV0=\"manage_agents\" -c $^ -o $@
+ 
+ 
+ manage_agents: ${addagent_o}
++	@echo "manage_agents - OSSEC_LDFLAGS: ${OSSEC_LDFLAGS}"
+ 	${OSSEC_CCBIN} ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@
+ 
+ #### Active Response ####
+@@ -1954,10 +1980,12 @@ ifeq (${uname_S},Darwin)
+ WAZUH_SHARED_SHFLAGS=-install_name @rpath/libwazuhshared.$(SHARED)
+ 
+ $(WAZUH_LIB): $(WAZUHEXT_LIB) $(AR_PROGRAMS_DEPS)
++	@echo "[SCLE] PLAP1"
+ 	$(OSSEC_SHARED) $(OSSEC_CFLAGS) $(WAZUH_SHARED_SHFLAGS) -o $@ -Wl,-all_load $^ -Wl,-noall_load $(OSSEC_LIBS)
+ else
+ ifeq (${TARGET}, winagent)
+ $(WAZUH_LIB): $(WAZUHEXT_LIB) $(AR_PROGRAMS_DEPS)
++	@echo "[SCLE] PLAP2"
+ 	$(OSSEC_SHARED) $(OSSEC_CFLAGS) -UOSSECHIDS -o $@ -static-libgcc -Wl,--export-all-symbols -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
+ else
+ ifeq (${uname_S},SunOS)
+@@ -1968,17 +1996,21 @@ LIBGCC_FLAGS := -Wl,-rpath,\$$ORIGIN
+ endif
+ ifeq (${uname_P},sparc)
+ $(WAZUH_LIB): $(WAZUHEXT_LIB) $(AR_PROGRAMS_DEPS)
++	@echo "[SCLE] PLAP3"
+ 	$(OSSEC_SHARED) $(OSSEC_CFLAGS) -mimpure-text -o $@ $(LIBGCC_FLAGS) -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
+ else
+ $(WAZUH_LIB): $(WAZUHEXT_LIB) $(AR_PROGRAMS_DEPS)
++	@echo "[SCLE] PLAP4"
+ 	$(OSSEC_SHARED) $(OSSEC_CFLAGS) -o $@ $(LIBGCC_FLAGS) -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
+ endif
+ else
+ ifneq (,$(filter ${uname_S},AIX HP-UX))
+ $(WAZUH_LIB): $(WAZUHEXT_LIB) $(AR_PROGRAMS_DEPS)
++	@echo "[SCLE] PLAP5"
+ 	$(OSSEC_SHARED) $(OSSEC_CFLAGS) $^ ${OSSEC_LIBS} -o $@ -static-libgcc
+ else
+ $(WAZUH_LIB): $(WAZUHEXT_LIB) $(AR_PROGRAMS_DEPS)
++	@echo "[SCLE] PLAP6"
+ 	$(OSSEC_SHARED) $(OSSEC_CFLAGS) -o $@ -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
+ endif
+ endif
+@@ -2028,6 +2060,7 @@ rootcheck/%.o: rootcheck/%.c
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -DARGV0=\"rootcheck\" -c $^ -o $@
+ 
+ librootcheck.a: ${rootcheck_o_lib}
++	@echo "SCLE: librootcheck.a"
+ 	${OSSEC_LINK} $@ $^
+ 	${OSSEC_RANLIB} $@
+ 
+@@ -2035,7 +2068,7 @@ librootcheck.a: ${rootcheck_o_lib}
+ #### FIM ######
+ 
+ wazuh-syscheckd: librootcheck.a libwazuh.a ${WAZUHEXT_LIB} build_shared_modules
+-	cd syscheckd && mkdir -p build && cd build && cmake ${CMAKE_OPTS} -DCMAKE_C_FLAGS="${DEFINES} -pipe -Wall -Wextra -std=gnu99" ${SYSCHECK_TEST} ${SYSCHECK_RELEASE_TYPE} .. && ${MAKE}
++	cd syscheckd && mkdir -p build && cd build && cmake ${CMAKE_OPTS} -DCMAKE_C_FLAGS="${DEFINES} -pipe -Wall -Wextra -std=gnu99" ${SYSCHECK_TEST} ${SYSCHECK_RELEASE_TYPE} --log-level=DEBUG .. && ${MAKE}
+ 
+ #### Monitor #######
+ 
+@@ -2070,9 +2103,11 @@ os_auth/%.o: os_auth/%.c
+ 	${OSSEC_CC} ${OSSEC_CFLAGS} -I./os_auth -DARGV0=\"wazuh-authd\" -c $^ -o $@
+ 
+ agent-auth: addagent/validate.o os_auth/main-client.o os_auth/ssl.o os_auth/check_cert.o
++	@echo "agent-auth - OSSEC_LDFLAGS: ${OSSEC_LDFLAGS}"
+ 	${OSSEC_CCBIN} ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@
+ 
+ wazuh-authd: addagent/validate.o os_auth/main-server.o os_auth/local-server.o os_auth/ssl.o os_auth/check_cert.o os_auth/config.o os_auth/authcom.o os_auth/auth.o os_auth/key_request.o os_auth/generate_cert.o
++	@echo "wazuh-authd - OSSEC_LDFLAGS: ${OSSEC_LDFLAGS}"
+ 	${OSSEC_CCBIN} ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@
+ 
+ #### integratord #####
diff --git a/recipes-scanners/wazuh/files/0002-headers-correction.patch b/recipes-scanners/wazuh/files/0002-headers-correction.patch
new file mode 100644
index 0000000..1ffb5bb
--- /dev/null
+++ b/recipes-scanners/wazuh/files/0002-headers-correction.patch
@@ -0,0 +1,251 @@
+--- a/src/headers/expression.h
++++ b/src/headers/expression.h
+@@ -12,7 +12,8 @@
+ #define EXPRESSION_H_
+ #define PCRE2_CODE_UNIT_WIDTH 8
+ 
+-#include "../external/libpcre2/include/pcre2.h"
++//#include "../external/libpcre2/include/pcre2.h"
++#include <pcre2.h>
+ #include "../os_regex/os_regex.h"
+ 
+ #define OSMATCH_STR  "osmatch"
+--- a/src/headers/regex_op.h
++++ b/src/headers/regex_op.h
+@@ -13,7 +13,8 @@
+ 
+ #ifndef WIN32
+ #include <regex.h>
+-#include "../external/sqlite/sqlite3.h"
++#include <sqlite3.h>
++//#include "../external/sqlite/sqlite3.h"
+ 
+ /**
+  * @brief Compare a string with a regular expression.
+--- a/src/headers/url.h
++++ b/src/headers/url.h
+@@ -12,7 +12,8 @@
+ #ifndef URL_GET_H_
+ #define URL_GET_H_
+ 
+-#include "../external/curl/include/curl/curl.h"
++//#include "../external/curl/include/curl/curl.h"
++#include <curl.h>
+ 
+ #define WURL_WRITE_FILE_ERROR "Cannot open file '%s'"
+ #define WURL_DOWNLOAD_FILE_ERROR "Cannot download file '%s' from URL: '%s'"
+--- a/src/headers/yaml2json.h
++++ b/src/headers/yaml2json.h
+@@ -11,7 +11,8 @@
+ #ifndef YAML2JSON_H
+ #define YAML2JSON_H
+ 
+-#include "../external/libyaml/include/yaml.h"
++//#include "../external/libyaml/include/yaml.h"
++#include <yaml.h>
+ #include <cJSON.h>
+ 
+ int yaml_parse_stdin(yaml_document_t * document);
+--- a/src/config/syscheck-config.h
++++ b/src/config/syscheck-config.h
+@@ -143,7 +143,8 @@ typedef enum fdb_stmt {
+ 
+ #include "../os_crypto/md5_sha1_sha256/md5_sha1_sha256_op.h"
+ #include "integrity_op.h"
+-#include "../external/sqlite/sqlite3.h"
++//#include "../external/sqlite/sqlite3.h"
++#include <sqlite3.h>
+ #include "../headers/list_op.h"
+ 
+ #ifdef WIN32
+--- a/src/monitord/compress_log.c
++++ b/src/monitord/compress_log.c
+@@ -10,8 +10,8 @@
+ 
+ #include "shared.h"
+ #include "monitord.h"
+-#include "../external/zlib/zlib.h"
+-
++//#include "../external/zlib/zlib.h"
++#include <zlib.h>
+ 
+ /* gzip a log file */
+ void OS_CompressLog(const char *logfile)
+--- a/src/wazuh_db/wdb.h
++++ b/src/wazuh_db/wdb.h
+@@ -15,7 +15,8 @@
+ #include <shared.h>
+ #include <pthread.h>
+ #include <openssl/evp.h>
+-#include "../external/sqlite/sqlite3.h"
++//#include "../external/sqlite/sqlite3.h"
++#include <sqlite3.h>
+ #include "syscheck_op.h"
+ #include "rootcheck_op.h"
+ #include "wazuhdb_op.h"
+--- a/src/wazuh_modules/wm_control.c
++++ b/src/wazuh_modules/wm_control.c
+@@ -20,7 +20,8 @@
+ #include "wm_control.h"
+ #include "sysInfo.h"
+ #include "sym_load.h"
+-#include "external/cJSON/cJSON.h"
++//#include "external/cJSON/cJSON.h"
++#include <cJSON.h>
+ #include "file_op.h"
+ #include "../os_net/os_net.h"
+ static void *wm_control_main();
+--- a/src/wazuh_modules/wm_database.c
++++ b/src/wazuh_modules/wm_database.c
+@@ -14,7 +14,8 @@
+ #include "remoted_op.h"
+ #include "wazuh_db/helpers/wdb_global_helpers.h"
+ #include "addagent/manage_agents.h" // FILE_SIZE
+-#include "external/cJSON/cJSON.h"
++//#include "external/cJSON/cJSON.h"
++#include <cJSON.h>
+ 
+ #ifndef CLIENT
+ 
+--- a/src/wazuh_modules/agent_upgrade/agent/wm_agent_upgrade_com.c
++++ b/src/wazuh_modules/agent_upgrade/agent/wm_agent_upgrade_com.c
+@@ -21,7 +21,8 @@
+ #endif
+ 
+ #include <shared.h>
+-#include "external/zlib/zlib.h"
++//#include "external/zlib/zlib.h"
++#include <zlib.h>
+ #include "os_crypto/sha1/sha1_op.h"
+ #include "os_crypto/signature/signature.h"
+ #include "wazuh_modules/wmodules.h"
+--- a/src/wazuh_db/wdb_parser.c
++++ b/src/wazuh_db/wdb_parser.c
+@@ -12,7 +12,8 @@
+ #include "wazuhdb_op.h"
+ #include "wdb.h"
+ #include "wdb_agents.h"
+-#include "external/cJSON/cJSON.h"
++//#include "external/cJSON/cJSON.h"
++#include <cJSON.h>
+ #include "wdb_state.h"
+ 
+ #define HOTFIXES_FIELD_COUNT 3
+--- a/src/shared/file_op.c
++++ b/src/shared/file_op.c
+@@ -14,7 +14,8 @@
+ #include "shared.h"
+ #include "version_op.h"
+ 
+-#include "../external/zlib/zlib.h"
++//#include "../external/zlib/zlib.h"
++#include <zlib.h>
+ 
+ #ifdef WAZUH_UNIT_TESTING
+ #ifdef WIN32
+--- a/src/shared/debug_op.c
++++ b/src/shared/debug_op.c
+@@ -9,7 +9,8 @@
+  */
+ 
+ #include "headers/shared.h"
+-#include <external/cJSON/cJSON.h>
++//#include <external/cJSON/cJSON.h>
++#include <cJSON.h>
+ 
+ #ifdef WIN32
+ #define localtime_r(x, y) localtime_s(y, x)
+--- a/src/os_zlib/os_zlib.c
++++ b/src/os_zlib/os_zlib.c
+@@ -10,7 +10,8 @@
+ 
+ #include "os_zlib.h"
+ 
+-#include "../external/zlib/zlib.h"
++//#include "../external/zlib/zlib.h"
++#include <zlib.h>
+ 
+ unsigned long int os_zlib_compress(const char *src, char *dst,
+                                    unsigned long int src_size,
+--- a/src/rootcheck/config.c
++++ b/src/rootcheck/config.c
+@@ -12,7 +12,8 @@
+ #include "shared.h"
+ #include "rootcheck.h"
+ #include "config/config.h"
+-#include "external/cJSON/cJSON.h"
++//#include "external/cJSON/cJSON.h"
++#include <cJSON.h>
+ 
+ 
+ /* Read the rootcheck config */
+diff --git a/src/os_execd/execd.c b/src/os_execd/execd.c
+index 6e07023b02..d4263b1559 100644
+--- a/src/os_execd/execd.c
++++ b/src/os_execd/execd.c
+@@ -13,7 +13,8 @@
+ #include "os_regex/os_regex.h"
+ #include "os_net/os_net.h"
+ #include "wazuh_modules/wmodules.h"
+-#include "../external/cJSON/cJSON.h"
++//#include "../external/cJSON/cJSON.h"
++#include <cJSON.h>
+ #include "execd.h"
+ #include "active-response/active_responses.h"
+ 
+diff --git a/src/os_execd/wcom.c b/src/os_execd/wcom.c
+index ea99700ba7..bc731c1a2a 100644
+--- a/src/os_execd/wcom.c
++++ b/src/os_execd/wcom.c
+@@ -15,7 +15,8 @@
+ #include "os_crypto/sha1/sha1_op.h"
+ #include "os_crypto/signature/signature.h"
+ #include "wazuh_modules/wmodules.h"
+-#include "external/zlib/zlib.h"
++//#include "external/zlib/zlib.h"
++#include <zlib.h>
+ #include "client-agent/agentd.h"
+ #include "logcollector/logcollector.h"
+ #include "rootcheck/rootcheck.h"
+diff --git a/src/addagent/manage_keys.c b/src/addagent/manage_keys.c
+index c1cd1e8245..330ae9fb7f 100644
+--- a/src/addagent/manage_keys.c
++++ b/src/addagent/manage_keys.c
+@@ -10,7 +10,8 @@
+ 
+ #include "manage_agents.h"
+ #include "os_crypto/md5/md5_op.h"
+-#include "external/cJSON/cJSON.h"
++//#include "external/cJSON/cJSON.h"
++#include <cJSON.h>
+ #include <stdlib.h>
+ #include "config/authd-config.h"
+ 
+diff --git a/src/addagent/manage_agents.c b/src/addagent/manage_agents.c
+index 3f32cac1ea..1a9a369cff 100644
+--- a/src/addagent/manage_agents.c
++++ b/src/addagent/manage_agents.c
+@@ -16,7 +16,8 @@
+ #include "debug_op.h"
+ #include "defs.h"
+ #include "os_crypto/md5/md5_op.h"
+-#include "external/cJSON/cJSON.h"
++//#include "external/cJSON/cJSON.h"
++#include <cJSON.h>
+ #include "os_err.h"
+ #include <stdio.h>
+ #include <stdlib.h>
+diff --git a/src/syscheckd/src/whodata/syscheck_audit.c b/src/syscheckd/src/whodata/syscheck_audit.c
+index b516852cea..c4e572753d 100644
+--- a/src/syscheckd/src/whodata/syscheck_audit.c
++++ b/src/syscheckd/src/whodata/syscheck_audit.c
+@@ -9,7 +9,8 @@
+  */
+ #ifdef __linux__
+ #include "syscheck_audit.h"
+-#include "../external/procps/readproc.h"
++//#include "../external/procps/readproc.h"
++#include <proc/readproc.h>
+ 
+ #include <sys/socket.h>
+ #include <sys/un.h>
diff --git a/recipes-scanners/wazuh/files/0003-CMakeLists.patch b/recipes-scanners/wazuh/files/0003-CMakeLists.patch
new file mode 100644
index 0000000..901e31a
--- /dev/null
+++ b/recipes-scanners/wazuh/files/0003-CMakeLists.patch
@@ -0,0 +1,76 @@
+diff --git a/src/shared_modules/dbsync/CMakeLists.txt b/src/shared_modules/dbsync/CMakeLists.txt
+index bca1b4b3d3..88671b07fc 100644
+--- a/src/shared_modules/dbsync/CMakeLists.txt
++++ b/src/shared_modules/dbsync/CMakeLists.txt
+@@ -43,6 +43,9 @@ include_directories(${CMAKE_SOURCE_DIR}/include/)
+ include_directories(${CMAKE_SOURCE_DIR}/src/)
+ include_directories(${SHARED_MODULES}/utils/)
+ include_directories(${SHARED_MODULES}/common/)
++include_directories(${STAGING_DIR}/usr/include/)
++include_directories(${STAGING_DIR}/usr/include/cjson/)
++include_directories(${STAGING_DIR}/usr/include/curl/)
+ 
+ if(CMAKE_SYSTEM_NAME STREQUAL "HP-UX")
+   link_directories(${INSTALL_PREFIX}/lib)
+@@ -54,6 +57,8 @@ endif(CMAKE_SYSTEM_NAME STREQUAL "HP-UX")
+ link_directories(${SRC_FOLDER})
+ link_directories(${SRC_FOLDER}/external/sqlite/)
+ link_directories(${SRC_FOLDER}/external/cJSON/)
++link_directories(${STAGING_DIR}/lib/)
++link_directories(${STAGING_DIR}/usr/lib/)
+ 
+ file(GLOB DBSYNC_SRC
+     "${CMAKE_SOURCE_DIR}/src/*.cpp"
+diff --git a/src/shared_modules/rsync/CMakeLists.txt b/src/shared_modules/rsync/CMakeLists.txt
+index 298ff49d94..e62c7abcac 100644
+--- a/src/shared_modules/rsync/CMakeLists.txt
++++ b/src/shared_modules/rsync/CMakeLists.txt
+@@ -45,6 +45,9 @@ include_directories(${CMAKE_SOURCE_DIR}/src/)
+ include_directories(${SHARED_MODULES}/dbsync/include/)
+ include_directories(${SHARED_MODULES}/utils/)
+ include_directories(${SHARED_MODULES}/common/)
++include_directories(${STAGING_DIR}/usr/include/)
++include_directories(${STAGING_DIR}/usr/include/cjson/)
++include_directories(${STAGING_DIR}/usr/include/curl/)
+ 
+ if(CMAKE_SYSTEM_NAME STREQUAL "HP-UX")
+   link_directories(${INSTALL_PREFIX}/lib)
+@@ -57,6 +60,8 @@ link_directories(${SHARED_MODULES}/dbsync/build/lib/)
+ link_directories(${SRC_FOLDER})
+ link_directories(${SRC_FOLDER}/external/cJSON/)
+ link_directories(${SRC_FOLDER}/external/openssl/)
++link_directories(${STAGING_DIR}/lib/)
++link_directories(${STAGING_DIR}/usr/lib/)
+ 
+ file(GLOB RSYNC_SRC
+     "${CMAKE_SOURCE_DIR}/src/*.cpp")
+--- a/src/syscheckd/CMakeLists.txt
++++ b/src/syscheckd/CMakeLists.txt
+@@ -10,6 +10,8 @@ endif()
+ 
+ get_filename_component(SRC_FOLDER ${CMAKE_SOURCE_DIR}/../ ABSOLUTE)
+ 
++set(CMAKE_VERBOSE_MAKEFILE ON)
++
+ include_directories(${SRC_FOLDER}/headers/)
+ include_directories(${SRC_FOLDER}/external/cJSON/)
+ include_directories(${SRC_FOLDER}/external/bzip2/)
+@@ -20,6 +22,9 @@ include_directories(${SRC_FOLDER}/external/openssl/include/)
+ include_directories(${SRC_FOLDER}/shared_modules/common/)
+ include_directories(${CMAKE_SOURCE_DIR}/include)
+ include_directories(${CMAKE_SOURCE_DIR}/src/db/include/)
++include_directories(${STAGING_DIR}/usr/include/)
++include_directories(${STAGING_DIR}/usr/include/cjson/)
++include_directories(${STAGING_DIR}/usr/include/curl/)
+ 
+ if(CMAKE_SYSTEM_NAME STREQUAL "HP-UX")
+   link_directories(${INSTALL_PREFIX}/lib)
+@@ -28,6 +33,8 @@ endif(CMAKE_SYSTEM_NAME STREQUAL "HP-UX")
+ link_directories(${SRC_FOLDER}/shared_modules/dbsync/build/lib/)
+ link_directories(${SRC_FOLDER}/shared_modules/rsync/build/lib/)
+ link_directories(${SRC_FOLDER}/)
++link_directories(${STAGING_DIR}/lib/)
++link_directories(${STAGING_DIR}/usr/lib/)
+ 
+ add_definitions(-DARGV0="wazuh-syscheckd")
+ 
diff --git a/recipes-scanners/wazuh/files/ossec.conf b/recipes-scanners/wazuh/files/ossec.conf
new file mode 100644
index 0000000..01b87b4
--- /dev/null
+++ b/recipes-scanners/wazuh/files/ossec.conf
@@ -0,0 +1,188 @@
+<!--
+  Wazuh - Agent - Default configuration for Yocto build
+  More info at: https://documentation.wazuh.com
+  Mailing list: https://groups.google.com/forum/#!forum/wazuh
+-->
+
+<ossec_config>
+  <client>
+    <server>
+      <address>MANAGER_IP</address>
+      <port>1514</port>
+      <protocol>tcp</protocol>
+    </server>
+    <config-profile>yocto, zeus</config-profile>
+    <notify_time>10</notify_time>
+    <time-reconnect>60</time-reconnect>
+    <auto_restart>yes</auto_restart>
+    <crypto_method>aes</crypto_method>
+  </client>
+
+  <client_buffer>
+    <!-- Agent buffer options -->
+    <disabled>no</disabled>
+    <queue_size>5000</queue_size>
+    <events_per_second>500</events_per_second>
+  </client_buffer>
+
+  <!-- Policy monitoring -->
+  <rootcheck>
+    <disabled>no</disabled>
+    <check_files>yes</check_files>
+    <check_trojans>yes</check_trojans>
+    <check_dev>yes</check_dev>
+    <check_sys>yes</check_sys>
+    <check_pids>yes</check_pids>
+    <check_ports>yes</check_ports>
+    <check_if>yes</check_if>
+
+    <!-- Frequency that rootcheck is executed - every 12 hours -->
+    <frequency>43200</frequency>
+
+    <rootkit_files>etc/shared/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>etc/shared/rootkit_trojans.txt</rootkit_trojans>
+
+    <skip_nfs>yes</skip_nfs>
+  </rootcheck>
+
+  <wodle name="cis-cat">
+    <disabled>yes</disabled>
+    <timeout>1800</timeout>
+    <interval>1d</interval>
+    <scan-on-start>yes</scan-on-start>
+
+    <java_path>wodles/java</java_path>
+    <ciscat_path>wodles/ciscat</ciscat_path>
+  </wodle>
+
+  <!-- Osquery integration -->
+  <wodle name="osquery">
+    <disabled>yes</disabled>
+    <run_daemon>yes</run_daemon>
+    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
+    <config_path>/etc/osquery/osquery.conf</config_path>
+    <add_labels>yes</add_labels>
+  </wodle>
+
+  <!-- System inventory -->
+  <wodle name="syscollector">
+    <disabled>no</disabled>
+    <interval>1h</interval>
+    <scan_on_start>yes</scan_on_start>
+    <hardware>yes</hardware>
+    <os>yes</os>
+    <network>yes</network>
+    <packages>yes</packages>
+    <ports all="no">yes</ports>
+    <processes>yes</processes>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <max_eps>10</max_eps>
+    </synchronization>
+  </wodle>
+
+  <sca>
+    <enabled>yes</enabled>
+    <scan_on_start>yes</scan_on_start>
+    <interval>12h</interval>
+    <skip_nfs>yes</skip_nfs>
+  </sca>
+
+  <!-- File integrity monitoring -->
+  <syscheck>
+    <disabled>no</disabled>
+
+    <!-- Frequency that syscheck is executed default every 12 hours -->
+    <frequency>43200</frequency>
+
+    <scan_on_start>yes</scan_on_start>
+
+    <!-- Directories to check  (perform all possible verifications) -->
+    <directories>/etc,/usr/bin,/usr/sbin</directories>
+    <directories>/bin,/sbin,/boot</directories>
+
+    <!-- Files/directories to ignore -->
+    <ignore>/etc/mtab</ignore>
+    <ignore>/etc/hosts.deny</ignore>
+    <ignore>/etc/mail/statistics</ignore>
+    <ignore>/etc/random-seed</ignore>
+    <ignore>/etc/random.seed</ignore>
+    <ignore>/etc/adjtime</ignore>
+    <ignore>/etc/httpd/logs</ignore>
+    <ignore>/etc/utmpx</ignore>
+    <ignore>/etc/wtmpx</ignore>
+    <ignore>/etc/cups/certs</ignore>
+    <ignore>/etc/dumpdates</ignore>
+    <ignore>/etc/svc/volatile</ignore>
+
+    <!-- File types to ignore -->
+    <ignore type="sregex">.log$|.swp$</ignore>
+
+    <!-- Check the file, but never compute the diff -->
+    <nodiff>/etc/ssl/private.key</nodiff>
+
+    <skip_nfs>yes</skip_nfs>
+    <skip_dev>yes</skip_dev>
+    <skip_proc>yes</skip_proc>
+    <skip_sys>yes</skip_sys>
+
+    <!-- Nice value for Syscheck process -->
+    <process_priority>10</process_priority>
+
+    <!-- Maximum output throughput -->
+    <max_eps>100</max_eps>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
+      <max_interval>1h</max_interval>
+      <max_eps>10</max_eps>
+    </synchronization>
+  </syscheck>
+
+  <!-- Log analysis -->
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/ossec/logs/active-responses.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/dpkg.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>command</log_format>
+    <command>df -P</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
+    <alias>netstat listening ports</alias>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>last -n 20</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <!-- Active response -->
+  <active-response>
+    <disabled>no</disabled>
+    <ca_store>etc/wpk_root.pem</ca_store>
+    <ca_store>/path/to/my_cert.pem</ca_store>
+    <ca_verification>yes</ca_verification>
+  </active-response>
+
+  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
+  <logging>
+    <log_format>plain</log_format>
+  </logging>
+
+</ossec_config>
diff --git a/recipes-scanners/wazuh/files/wazuh-agent.service b/recipes-scanners/wazuh/files/wazuh-agent.service
new file mode 100644
index 0000000..9a10922
--- /dev/null
+++ b/recipes-scanners/wazuh/files/wazuh-agent.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Wazuh agent
+Wants=network-online.target
+After=network.target network-online.target
+
+[Service]
+Type=forking
+
+ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start
+ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop
+ExecReload=/usr/bin/env /var/ossec/bin/wazuh-control reload
+
+KillMode=process
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/recipes-scanners/wazuh/wazuh-agent_4.7.0.bb b/recipes-scanners/wazuh/wazuh-agent_4.7.0.bb
new file mode 100644
index 0000000..684b181
--- /dev/null
+++ b/recipes-scanners/wazuh/wazuh-agent_4.7.0.bb
@@ -0,0 +1,253 @@
+# Copyright (C) 2023 Vincent BENOIT <vincent.benoit@scle.fr>
+# Release under the MIT license (see COPYING.MIT for the terms)
+HOMEPAGE = "https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-linux.html"
+SUMMARY = "The agent runs on the host you want to monitor and communicates with the Wazuh server"
+MAINTAINER = "Vincent BENOIT <vincent.benoit@benserv.fr>"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=i522ae3a9266aa0b86a5f314c85dbb560"
+LICENSE = "CLOSED"
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+DEPENDS = "curl-native \
+           audit-userspace \
+           cjson \
+           curl \
+           libffi \
+           procps \
+           openssl \
+           libyaml \
+           libdbi \
+           libffi \
+           libyaml \
+           openssl \
+           procps \
+           sqlite3 \
+           zlib \
+           bzip2 \
+           nlohmann-json \
+           googletest \
+           libpcre2 \
+           libplist \
+           libarchive \
+           popt \
+           msgpack-c \
+           rpm \
+           cmake-native \
+           wazuh-users \
+         "
+
+RDEPENDS_${PN} += "wazuh-users"
+
+inherit systemd
+
+SRC_URI = " \
+    git://github.com/wazuh/wazuh.git;protocol=https;branch=master \
+    file://ossec.conf \
+    file://wazuh-agent.service \
+    file://0001-Makefile.patch \
+    file://0002-headers-correction.patch \
+    file://0003-CMakeLists.patch \
+    "
+
+SRCREV = "786d3137f57ca9132c4cfc4501ad68c2554c3cb8"
+PV = "4.7.0"
+S = "${WORKDIR}/git"
+
+SYSTEMD_AUTO_ENABLE = "enable"
+SYSTEMD_SERVICE_${PN} = "wazuh-agent.service"
+
+EXTRA_OEMAKE = ' \
+                CC="${CC}" \
+                CXX="${CXX}" \
+                RANLIB="${RANLIB}" \
+                AR="${AR}" \
+                CFLAGS="${CFLAGS} -I${STAGING_INCDIR} -I${STAGING_INCDIR}/cjson -I${STAGING_INCDIR}/curl" \
+                LDFLAGS="-Wl,--sysroot=${STAGING_DIR_TARGET} -L${STAGING_LIBDIR} -lm -lcjson -lssl -lcrypto -lpcre2-8 -lz -lsqlite3 -lyaml -lcurl -lmsgpackc -laudit -lprocps" \
+                CMAKE_OPTS="-DSTAGING_DIR=${STAGING_DIR_TARGET}" \
+               '
+do_compile() {
+    (cd src && oe_runmake TARGET=agent INSTALLDIR="/var/ossec")
+}
+
+do_install() {
+	install -d ${D}${systemd_unitdir}/system/
+	install -m 0644 ${WORKDIR}/wazuh-agent.service ${D}${systemd_unitdir}/system/
+
+	install -d -o root -g wazuh ${D}/var/ossec
+	install -d ${D}/var/ossec/lib
+	install -m 0750 -o root -g wazuh ${S}/src/libwazuhext.so ${D}/var/ossec/lib/
+	install -m 0750 -o root -g wazuh ${S}/src/libwazuhshared.so ${D}/var/ossec/lib/
+	install -m 0750 -o root -g wazuh ${S}/src/shared_modules/dbsync/build/lib/libdbsync.so ${D}/var/ossec/lib/
+	install -m 0750 -o root -g wazuh ${S}/src/shared_modules/rsync/build/lib/librsync.so ${D}/var/ossec/lib/
+	install -m 0750 -o root -g wazuh ${S}/src/syscheckd/build/lib/libfimdb.so ${D}/var/ossec/lib/
+
+	chrpath -d ${D}/var/ossec/lib/libfimdb.so
+	chrpath -d ${D}/var/ossec/lib/librsync.so
+	chrpath -d ${D}/var/ossec/lib/libdbsync.so
+
+	install -d ${D}/var/ossec/bin
+	install -m 0750 ${S}/src/wazuh-agentd ${D}/var/ossec/bin/
+	install -m 0750 ${S}/src/agent-auth ${D}/var/ossec/bin/
+	install -m 0750 ${S}/src/wazuh-logcollector ${D}/var/ossec/bin/
+	install -m 0750 ${S}/src/syscheckd/build/bin/wazuh-syscheckd ${D}/var/ossec/bin/
+	install -m 0750 ${S}/src/wazuh-execd ${D}/var/ossec/bin/
+	install -m 0750 ${S}/src/manage_agents ${D}/var/ossec/bin/
+	install -m 0750 ${S}/src/wazuh-modulesd ${D}/var/ossec/bin/
+	install -m 0750 ${S}/src/init/wazuh-client.sh ${D}/var/ossec/bin/wazuh-control
+
+	chrpath -d ${D}/var/ossec/bin/wazuh-syscheckd
+
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/tmp
+
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/queue
+	install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/rids
+	install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/alerts
+	install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/sockets
+	install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/diff
+	install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/fim
+	install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/fim/db
+	install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/syscollector
+	install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/syscollector/db
+	install -m 0640 ${S}/src/wazuh_modules/syscollector/norm_config.json ${D}/var/ossec/queue/syscollector/
+	chown root:wazuh ${D}/var/ossec/queue/syscollector/norm_config.json
+	install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/logcollector
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/incoming
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/generic
+	install -m 0640 -o root -g wazuh ${S}/ruleset/sca/generic/*.yml ${D}/var/ossec/ruleset/sca/generic/
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/mongodb
+	install -m 0640 -o root -g wazuh ${S}/ruleset/sca/mongodb/*.yml ${D}/var/ossec/ruleset/sca/mongodb/
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/applications
+	install -m 0640 -o root -g wazuh ${S}/ruleset/sca/applications/*.yml ${D}/var/ossec/ruleset/sca/applications/
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/nginx
+	install -m 0640 -o root -g wazuh ${S}/ruleset/sca/nginx/*.yml ${D}/var/ossec/ruleset/sca/nginx/
+
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/gcloud
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/gcloud/pubsub
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/gcloud/buckets
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/var/wodles
+	install -m 0750 -o root -g wazuh ${S}/wodles/__init__.py ${D}/var/ossec/wodles/
+	install -m 0750 -o root -g wazuh ${S}/wodles/utils.py ${D}/var/ossec/wodles/
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/aws
+	install -m 0750 -o root -g wazuh ${S}/wodles/aws/aws_s3.py ${D}/var/ossec/wodles/aws/aws-s3
+	install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/gcloud.py ${D}/var/ossec/wodles/gcloud/gcloud
+	install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/integration.py ${D}/var/ossec/wodles/gcloud/
+	install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/tools.py ${D}/var/ossec/wodles/gcloud/
+	install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/exceptions.py ${D}/var/ossec/wodles/gcloud/
+	install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/buckets/bucket.py ${D}/var/ossec/wodles/gcloud/buckets/
+	install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/buckets/access_logs.py ${D}/var/ossec/wodles/gcloud/buckets/
+	install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/pubsub/subscriber.py ${D}/var/ossec/wodles/gcloud/pubsub/
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/docker
+	install -m 0750 -o root -g wazuh ${S}/wodles/docker-listener/DockerListener.py ${D}/var/ossec/wodles/docker/DockerListener
+	install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/azure
+	install -m 0750 -o root -g wazuh ${S}/wodles/azure/azure-logs.py ${D}/var/ossec/wodles/azure/azure-logs
+	install -m 0750 -o root -g wazuh ${S}/wodles/azure/orm.py ${D}/var/ossec/wodles/azure/
+
+	install -d -o wazuh -g wazuh ${D}/var/ossec/etc
+	install -d -o root -g wazuh ${D}/var/ossec/etc/shared
+	install -m 0660 -o root -g wazuh ${WORKDIR}/ossec.conf ${D}/var/ossec/etc/
+	install -m 0660 -o root -g wazuh ${S}/ruleset/rootcheck/db/*.txt ${D}/var/ossec/etc/shared/
+	install -m 0640 -o root -g wazuh ${S}/etc/wpk_root.pem ${D}/var/ossec/etc/
+	touch ${D}/var/ossec/etc/client.keys
+	chown -R root:wazuh ${D}/var/ossec/etc/client.keys
+
+	install -m 0640 -o root -g wazuh ${S}/etc/internal_options.conf ${D}/var/ossec/etc/
+	install -m 0640 -o root -g wazuh ${S}/etc/local_internal_options.conf ${D}/var/ossec/etc/
+
+	install -d -o root -g wazuh ${D}/var/ossec/active-response
+	install -d -o root -g wazuh ${D}/var/ossec/active-response/bin
+	install -m 0750 -o root -g wazuh ${S}/src/firewalld-drop ${D}/var/ossec/active-response/bin/
+	install -m 0750 -o root -g wazuh ${S}/src/wazuh-slack ${D}/var/ossec/active-response/bin/
+	install -m 0750 -o root -g wazuh ${S}/src/route-null ${D}/var/ossec/active-response/bin/
+	install -m 0750 -o root -g wazuh ${S}/src/restart-wazuh ${D}/var/ossec/active-response/bin/
+	install -m 0750 -o root -g wazuh ${S}/src/kaspersky ${D}/var/ossec/active-response/bin/
+	install -m 0750 -o root -g wazuh ${S}/src/ip-customblock ${D}/var/ossec/active-response/bin/
+	install -m 0750 -o root -g wazuh ${S}/src/pf ${D}/var/ossec/active-response/bin/
+	install -m 0750 -o root -g wazuh ${S}/src/npf ${D}/var/ossec/active-response/bin/
+	install -m 0750 -o root -g wazuh ${S}/src/ipfw ${D}/var/ossec/active-response/bin/
+	install -m 0750 -o root -g wazuh ${S}/src/default-firewall-drop ${D}/var/ossec/active-response/bin/
+	install -m 0750 -o root -g wazuh ${S}/src/disable-account ${D}/var/ossec/active-response/bin/
+	install -m 0750 -o root -g wazuh ${S}/src/host-deny ${D}/var/ossec/active-response/bin/
+	install -m 0750 -o root -g wazuh ${S}/src/active-response/kaspersky.py ${D}/var/ossec/active-response/bin/
+	install -m 0750 -o root -g wazuh ${S}/src/active-response/restart.sh ${D}/var/ossec/active-response/bin/
+
+	install -d -o root -g wazuh ${D}/var/ossec/agentless
+	install -m 0750 -o root -g wazuh ${S}/src/agentlessd/scripts/* ${D}/var/ossec/agentless/
+
+	install -d -o root -g wazuh ${D}/var/ossec/var
+	install -d -o root -g wazuh ${D}/var/ossec/var/run
+	install -d -o root -g wazuh ${D}/var/ossec/var/upgrade
+	install -d -o root -g wazuh ${D}/var/ossec/var/selinux
+	install -d -o root -g wazuh ${D}/var/ossec/var/incoming
+	install -d -o root -g wazuh ${D}/var/ossec/backup
+
+	install -d -o wazuh -g wazuh ${D}/var/ossec/logs
+	touch ${D}/var/ossec/logs/ossec.log
+	chown -R wazuh:wazuh ${D}/var/ossec/logs/ossec.log
+
+	touch ${D}/var/ossec/logs/ossec.json
+	chown -R wazuh:wazuh ${D}/var/ossec/logs/ossec.json
+	install -d -o wazuh -g wazuh ${D}/var/ossec/logs/wazuh
+}
+
+FILES_${PN} += " \
+                 ${systemd_unitdir}/system/wazuh-agent.service \
+                 /var/ossec/lib/libwazuhext.so \
+                 /var/ossec/lib/libwazuhshared.so \
+                 /var/ossec/lib/libdbsync.so \
+                 /var/ossec/lib/librsync.so \
+                 /var/ossec/lib/libfimdb.so \
+                 /var/ossec/bin/wazuh-agentd \
+                 /var/ossec/bin/agent-auth \
+                 /var/ossec/bin/wazuh-logcollector \
+                 /var/ossec/bin/wazuh-syscheckd \
+                 /var/ossec/bin/wazuh-execd \
+                 /var/ossec/bin/manage_agents \
+                 /var/ossec/bin/wazuh-modulesd \
+                 /var/ossec/bin/wazuh-control \
+                 /var/ossec/etc/ossec.conf \
+                 /var/ossec/etc/shared/*.txt \
+                 /var/ossec/etc/wpk_root.pem \
+                 /var/ossec/etc/client.keys \
+                 /var/ossec/etc/internal_options.conf \
+                 /var/ossec/etc/local_internal_options.conf \
+                 /var/ossec/active-response/bin/firewalld-drop \
+                 /var/ossec/active-response/bin/wazuh-slack \
+                 /var/ossec/active-response/bin/route-null \
+                 /var/ossec/active-response/bin/restart-wazuh \
+                 /var/ossec/active-response/bin/kaspersky \
+                 /var/ossec/active-response/bin/ip-customblock \
+                 /var/ossec/active-response/bin/pf \
+                 /var/ossec/active-response/bin/npf \
+                 /var/ossec/active-response/bin/ipfw \
+                 /var/ossec/active-response/bin/default-firewall-drop \
+                 /var/ossec/active-response/bin/disable-account \
+                 /var/ossec/active-response/bin/host-deny \
+                 /var/ossec/active-response/bin/kapersky.py \
+                 /var/ossec/active-response/bin/restart.sh \
+                 /var/ossec/ruleset/sca/generic/*.yml \
+                 /var/ossec/ruleset/sca/mongodb/*.yml \
+                 /var/ossec/ruleset/sca/applications/*.yml \
+                 /var/ossec/ruleset/sca/nginx/*.yml \
+                 /var/ossec/wodles/__init__.py \
+                 /var/ossec/wodles/utils.py \
+                 /var/ossec/wodles/aws/aws-s3 \
+                 /var/ossec/wodles/gcloud/gcloud \
+                 /var/ossec/wodles/gcloud/integration.py \
+                 /var/ossec/wodles/gcloud/tools.py \
+                 /var/ossec/wodles/gcloud/exceptions.py \
+                 /var/ossec/wodles/gcloud/buckets/bucket.py \
+                 /var/ossec/wodles/gcloud/buckets/access_logs.py \
+                 /var/ossec/wodles/gcloud/pubsub/subscriber.py \
+                 /var/ossec/wodles/docker/DockerListener \
+                 /var/ossec/wodles/azure/azure-logs \
+                 /var/ossec/wodles/azure/orm.py \
+                 /var/ossec/agentless/* \
+                 /var/ossec/logs/ossec.log \
+                 /var/ossec/logs/ossec.json \
+               "
+
+INSANE_SKIP_${PN} = "ldflags"
+#For dev packages only
+INSANE_SKIP_${PN}-dev = "ldflags"
diff --git a/recipes-scanners/wazuh/wazuh-users.bb b/recipes-scanners/wazuh/wazuh-users.bb
new file mode 100644
index 0000000..27aedfe
--- /dev/null
+++ b/recipes-scanners/wazuh/wazuh-users.bb
@@ -0,0 +1,23 @@
+# Copyright (C) 2023 Vincent BENOIT <vincent.benoit@scle.fr>
+# Release under the MIT license (see COPYING.MIT for the terms)
+
+SUMMARY = "Wazuh Users"
+MAINTAINER = "Vincent BENOIT <vincent.benoit@scle.fr>"
+LICENSE = "CLOSED"
+
+#DEPENDS_${PN} = "base-files"
+
+S = "${WORKDIR}"
+
+inherit useradd
+
+USERADD_PACKAGES = "${PN}"
+
+GROUPADD_PARAM_${PN} = "-g 987 --system wazuh;"
+
+# To change the password use something like this : "mkpasswd -m sha-512 p@ssw0rd -s 'seed'"
+# mkpasswd from 'whois' debian package
+USERADD_PARAM_${PN} = "-u 1234 -g 987 --system --shell /bin/bash --password '\$6\$wazuhAgent\$Q/QdBOx6lTuY6Z0P8yTRYboRNil49oNOJOwG41H3.9YLnAMmuKG6qw8hwWuE7r/rdirrd9zhdHVFLJNpJK6Mn1' wazuh"
+
+# Specify whether to produce an output package even if it is empty
+ALLOW_EMPTY_${PN} = "1"
diff --git a/recipes-support/sqlite/sqlite3.inc b/recipes-support/sqlite/sqlite3.inc
new file mode 100644
index 0000000..4af1e09
--- /dev/null
+++ b/recipes-support/sqlite/sqlite3.inc
@@ -0,0 +1,70 @@
+SUMMARY = "Embeddable SQL database engine"
+HOMEPAGE = "http://www.sqlite.org"
+SECTION = "libs"
+
+PE = "3"
+
+def sqlite_download_version(d):
+    pvsplit = d.getVar('PV').split('.')
+    if len(pvsplit) < 4:
+        pvsplit.append('0')
+    return pvsplit[0] + ''.join([part.rjust(2,'0') for part in pvsplit[1:]])
+
+SQLITE_PV = "${@sqlite_download_version(d)}"
+
+S = "${WORKDIR}/sqlite-autoconf-${SQLITE_PV}"
+
+UPSTREAM_CHECK_URI = "http://www.sqlite.org/"
+UPSTREAM_CHECK_REGEX = "releaselog/(?P<pver>(\d+[\.\-_]*)+)\.html"
+
+CVE_PRODUCT = "sqlite"
+
+inherit autotools pkgconfig siteinfo
+
+# enable those which are enabled by default in configure
+PACKAGECONFIG ?= "fts4 fts5 json1 rtree dyn_ext"
+PACKAGECONFIG_class-native ?= "fts4 fts5 json1 rtree dyn_ext"
+
+PACKAGECONFIG[editline] = "--enable-editline,--disable-editline,libedit"
+PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline ncurses"
+PACKAGECONFIG[fts3] = "--enable-fts3,--disable-fts3"
+PACKAGECONFIG[fts4] = "--enable-fts4,--disable-fts4"
+PACKAGECONFIG[fts5] = "--enable-fts5,--disable-fts5"
+PACKAGECONFIG[json1] = "--enable-json1,--disable-json1"
+PACKAGECONFIG[rtree] = "--enable-rtree,--disable-rtree"
+PACKAGECONFIG[session] = "--enable-session,--disable-session"
+PACKAGECONFIG[dyn_ext] = "--enable-dynamic-extensions,--disable-dynamic-extensions"
+PACKAGECONFIG[zlib] = ",,zlib"
+
+CACHED_CONFIGUREVARS += "${@bb.utils.contains('PACKAGECONFIG', 'zlib', '', 'ac_cv_search_deflate=no',d)}"
+
+EXTRA_OECONF = " \
+    --enable-shared \
+    --enable-threadsafe \
+    --disable-static-shell \
+"
+
+CFLAGS_append = " -fPIC"
+
+# pread() is in POSIX.1-2001 so any reasonable system must surely support it
+CFLAGS_append = " -DUSE_PREAD"
+
+# Provide column meta-data API
+CFLAGS_append = " -DSQLITE_ENABLE_COLUMN_METADATA"
+
+# Unless SQLITE_BYTEORDER is predefined, the code falls back to build time
+# huristics, which are not always correct
+CFLAGS_append = " ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DSQLITE_BYTEORDER=1234', '-DSQLITE_BYTEORDER=4321', d)}"
+
+PACKAGES = "lib${BPN} lib${BPN}-dev lib${BPN}-doc ${PN}-dbg lib${BPN}-staticdev ${PN}"
+
+FILES_${PN} = "${bindir}/*"
+FILES_lib${BPN} = "${libdir}/*.so.*"
+FILES_lib${BPN}-dev = "${libdir}/*.la ${libdir}/*.so \
+                       ${libdir}/pkgconfig ${includedir}"
+FILES_lib${BPN}-doc = "${docdir} ${mandir} ${infodir}"
+FILES_lib${BPN}-staticdev = "${libdir}/lib*.a"
+
+AUTO_LIBNAME_PKGS = "${MLPREFIX}lib${BPN}"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/recipes-support/sqlite/sqlite3_3.36.0.bb b/recipes-support/sqlite/sqlite3_3.36.0.bb
new file mode 100644
index 0000000..1738d12
--- /dev/null
+++ b/recipes-support/sqlite/sqlite3_3.36.0.bb
@@ -0,0 +1,11 @@
+require sqlite3.inc
+
+LICENSE = "PD"
+LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
+
+SRC_URI = "http://www.sqlite.org/2021/sqlite-autoconf-${SQLITE_PV}.tar.gz \
+"
+SRC_URI[md5sum] = "f5752052fc5b8e1b539af86a3671eac7"
+SRC_URI[sha256sum] = "bd90c3eb96bee996206b83be7065c9ce19aef38c3f4fb53073ada0d0b69bbce3"
+
+PREFERRED_VERSION_glibc = "2.30"
diff --git a/scripts/envsetup.sh b/scripts/envsetup.sh
new file mode 100644
index 0000000..5d8ab30
--- /dev/null
+++ b/scripts/envsetup.sh
@@ -0,0 +1,274 @@
+#!/bin/bash
+
+#----------------------------------------------
+# Make sure script has been sourced
+#
+if [ "$0" = "$BASH_SOURCE" ]; then
+    echo "###################################"
+    echo "ERROR: YOU MUST SOURCE the script"
+    echo "###################################"
+    exit 1
+fi
+
+BUILD_DIR=$1
+
+# Init env var
+SCLE_ROOT_DIR=`realpath $PWD`
+SCLE_DIR="meta-cyber-scle"
+
+if [ "a${SCLE_DL_DIR}" = "a" ]; then
+	SCLE_DL_DIR="$SCLE_ROOT_DIR/oe-downloads"
+fi
+
+if [ "a${SCLE_SSTATE_DIR}" = "a" ]; then
+	SCLE_SSTATE_DIR="${SCLE_ROOT_DIR}/sstate-cache"
+fi
+
+# Use utf-8 encoding
+if ! echo $LANG | grep -q "en_US.UTF-8"
+then
+	export LANG="en_US.UTF-8"
+fi
+
+if [ "a${DISTRO}" = "a" ]; then
+	DISTRO="rpi-distro"
+fi
+
+if [ "a${MACHINE}" = "a" ]; then
+	MACHINE="raspberrypi4"
+fi
+
+if [ "a${VERS}" = "a" ]; then
+	VERS="none"
+fi
+
+if [ "a${REV}" = "a" ]; then
+	REV="0"
+fi
+
+_TEMPLATECONF="$SCLE_ROOT_DIR/${SCLE_DIR}/conf/template/"
+
+#----------------------------------------------
+# Standard Openembedded init
+#
+echo -e "[source $SCLE_ROOT_DIR/poky/oe-init-build-env]"
+TEMPLATECONF=${_TEMPLATECONF} source $SCLE_ROOT_DIR/poky/oe-init-build-env ${BUILD_DIR} > /dev/null 2> /dev/null
+
+_FORMAT_PATTERN='::-::'
+######################################################
+# Make selection for <TARGET> requested from <LISTING> provided using shell or ui choice
+#
+_choice_shell() {
+    #format list to have display aligned on column with '-' separation between name and description
+    local options=$(echo "$2" | column -t -s "::")
+    if [ "z$ZSH_NAME" != "z" ]
+    then
+       # zsh don't split string as expected (see http://zsh.sourceforge.net/FAQ/zshfaq03.html)
+       eval "options=($options)"
+    fi
+
+    #change separator from 'space' to 'end of line' for 'select' command
+    old_IFS=$IFS
+    IFS=$'\n'
+    local i=1
+    unset LAUNCH_MENU_CHOICES
+    for opt in $options; do
+        printf "%3.3s. %s\n" $i $opt
+        LAUNCH_MENU_CHOICES=(${LAUNCH_MENU_CHOICES[@]} $opt)
+        i=$(($i+1))
+    done
+    IFS=$old_IFS
+    # Item selection from list
+    local selection=""
+    while [ -z "$selection" ]; do
+        echo -n "Please enter your choice of $1 (1-$(echo "$options" | wc -l)): "
+        read answer
+        if [[ $answer =~ ^[0-9]+$ ]]; then
+            if [ $answer -gt 0 ] && [ $answer -le ${#LAUNCH_MENU_CHOICES[@]} ]; then
+                if [ "z$ZSH_NAME" != "z" ]
+                then
+                    selection=${LAUNCH_MENU_CHOICES[$(($answer))]}
+                else
+                    selection=${LAUNCH_MENU_CHOICES[$(($answer-1))]}
+                fi
+                break
+            fi
+        fi
+        echo "Invalid choice: $answer"
+    done
+    eval $1=$(echo $selection | cut -d' ' -f1)
+}
+
+_choice_ui() {
+    local target=""
+    #change separator from 'space' to 'end of line' to get full line
+    old_IFS=$IFS
+    IFS=$'\n'
+    for ITEM in $2; do
+        local target_name=$(echo $ITEM | awk -F''"${_FORMAT_PATTERN}"'' '{print $1}')
+        local target_desc=$(echo $ITEM | awk -F''"${_FORMAT_PATTERN}"'' '{print $NF}')
+        TARGETTABLE+=($target_name "$target_desc" OFF)
+    done
+    IFS=$old_IFS
+    while [[ -z $target ]]
+    do
+        target=$(${UI_CMD} --title "Available $1" --radiolist "Please choose a $1" 0 0 0 "${TARGETTABLE[@]}" 3>&1 1>&2 2>&3)
+        test -z $target || break
+        #display dialog box to provide some help to user
+        ${UI_CMD} --title "How to select $1" --msgbox "Keyboard usage:\n\n'ENTER' to validate\n'SPACE' to select\n 'TAB'  to navigate" 0 0
+    done
+    unset TARGETTABLE
+    unset ITEM
+    eval $1=$target
+}
+
+choice() {
+    local __TARGET=$1
+    local choices="$2"
+    echo "[$__TARGET configuration]"
+    if [ $(echo "$choices" | wc -l) -eq 1 ]; then
+        eval $__TARGET=$(echo $choices | awk -F''"${_FORMAT_PATTERN}"'' '{print $1}')
+    else
+        if ! [[ -z $DISPLAY ]] && ! [[ -z ${UI_CMD} ]]; then
+            _choice_ui $__TARGET "$choices"
+        else
+            _choice_shell $__TARGET "$choices"
+        fi
+    fi
+    echo "Selected $__TARGET: $(eval echo \$$__TARGET)"
+    echo ""
+}
+
+######################################################
+# Choose target machine
+#
+conf_machine()
+{
+    local choices=$(find ${SCLE_ROOT_DIR}/${SCLE_DIR}/conf/machine/ -name "*.conf" 2>/dev/null | sort | uniq)
+
+    for ITEM in $choices
+    do
+        if [[ -z $(grep "#@DESCRIPTION" $ITEM) ]]; then
+            echo ""
+            echo "ERROR: No '#@DESCRIPTION' field available in $__CONGIG file:"
+            echo "$ITEM"
+            echo ""
+            return 1
+        fi
+    done
+    unset ITEM
+    if [ $(echo $choices | wc -l) -eq 1 ]; then
+        # return only file name (distro or machine)
+        echo "$(echo $choices | sed 's|^.*/\(.*\)\.conf|\1|')"
+    else
+        echo "$(echo $choices | xargs grep "#@DESCRIPTION" | sed 's|^.*/\(.*\)\.conf:#@DESCRIPTION:[ \t]*\(.*$\)|\1'"${_FORMAT_PATTERN}"'\2|')"
+    fi
+}
+
+
+######################################################
+# Apply configuration to site.conf file
+#
+conf_siteconf()
+{
+    _NCPU=$(grep '^processor' /proc/cpuinfo 2>/dev/null | wc -l)
+    # Sanity check that we have a valid number, if not then fallback to a safe default
+    [ "$_NCPU" -ge 1 ] 2>/dev/null || _NCPU=2
+
+    cat > conf/site.conf <<EOF
+#
+# local.conf covers user settings, site.conf covers site specific information
+# such as proxy server addresses and optionally any shared download location
+#
+# SITE_CONF_VERSION is increased each time build/conf/site.conf
+# changes incompatibly
+SCONF_VERSION = "1"
+
+BB_NUMBER_THREADS = "${_NCPU}"
+PARALLEL_MAKE = "-j ${_NCPU}"
+
+DL_DIR = "$SCLE_DL_DIR"
+SSTATE_DIR = "$SCLE_SSTATE_DIR"
+
+MACHINE = "$MACHINE"
+DISTRO = "$DISTRO"
+
+PACKAGE_CLASSES = "package_deb"
+
+#LICENSE_FLAGS_WHITELIST += "commercial"
+
+INHERIT += "rm_work"
+
+EOF
+}
+
+######################################################
+# Update bblayer.conf file
+
+update_layerconf() {
+    cp $1/conf/template/bblayers.conf.sample conf/bblayers.conf
+}
+
+######################################################
+# extract description for images provided
+list_images_descr() {
+    list_images=$1
+    if [ "z$ZSH_NAME" != "z" ]
+    then
+        # zsh don't split string as expected (see http://zsh.sourceforge.net/FAQ/zshfaq03.html)
+        eval "list_images=($list_images)"
+    fi
+
+    for l in $list_images;
+    do
+        local image=`echo $l | sed -e 's#^.*/\([^/]*\).bb$#\1#'`
+        if [ ! -z "$(grep "^SUMMARY[ \t]*=" $l)" ]; then
+            local descr=`grep "^SUMMARY[ \t]*=" $l | sed -e 's/^.*"\(.*\)["\]$/\1/'`
+        else
+            local descr=`grep "^DESCRIPTION[ \t]*=" $l | sed -e 's/^.*"\(.*\)["\]$/\1/'`
+        fi
+        if [ -z "$descr" ] && [ "$2" == "ERR" ]; then
+            echo ""
+            echo "ERROR: No description available for image: $image"
+            echo "$l"
+            echo ""
+            return 1
+        else
+            printf "    %-33s  -   $descr\n" $image
+        fi
+    done
+}
+
+######################################################
+# alias function: list all images available
+#
+list_images() {
+    local metalayer=$1
+    if [[ -z $metalayer ]] || ! [[ -e "$SCLE_ROOT_DIR/$metalayer" ]]; then
+        echo ""
+        echo "ERROR: Cannot find layer '$metalayer' at $SCLE_ROOT_DIR/ root."
+        echo "Please use full meta layer path from baseline root:"
+        echo "eg: 'stoe_list_images openembedded-core'"
+        echo ""
+        return 1
+    fi
+    local LIST=`find $SCLE_ROOT_DIR/$metalayer/* -wholename "*/images/*.bb" | grep -v meta-skeleton | sort`
+    echo ""
+    echo "=================================================="
+    echo "Available images for '$metalayer' layer are:"
+    echo ""
+    list_images_descr "$LIST" "ERR"
+    echo ""
+}
+
+touch conf/local.conf
+
+if [ -f conf/site.conf ]; then
+	echo "=====> !!!! [WARNING] site.conf already exists. Nothing done... !!!!"
+else
+    conf_siteconf
+fi
+
+update_layerconf ${SCLE_ROOT_DIR}/${SCLE_DIR}
+
+list_images ${SCLE_DIR}