I Built a SIEM for My Smart Home… and It Found Things I Didn’t Expect
Why It Matters
It shows that an affordable, open‑source SIEM can give prosumers real‑time threat visibility and automated defenses, turning a smart home into resilient, observable infrastructure.
Key Takeaways
- Home-built SIEM provides visibility across smart‑home devices and network
- Correlating logs reveals attacks that single devices miss entirely
- Low‑power Zimaboard runs 24/7 monitoring efficiently for home setup
- Wazuh open‑source SIEM integrates firewall, NAS, Home Assistant logs and alerts
- Alerts can trigger Home Assistant automations for immediate response action
Summary
In this video the creator walks through designing and deploying a self‑hosted security information and event management (SIEM) platform specifically for a smart‑home and home‑lab environment. He chose a low‑power Zimaboard running Ubuntu LTS as the dedicated monitoring host and installed the open‑source Wazuh stack to collect and analyze logs from his router, NAS, and Home Assistant instance.
The core value comes from aggregating disparate logs and correlating them into actionable alerts. He demonstrates three test incidents: a scripted port scan that appears as multiple firewall drops, a series of failed Synology login attempts, and a mix of failed then successful Home Assistant authentications. Wazuh parses each syslog entry, applies custom decoders and rules from a public GitHub repo, and flags the combined activity as suspicious behavior.
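The correlation step described above, as an added example that is not code from the video or from Wazuh: a small Python decoder-and-rules pass over constructed syslog lines (the log formats, addresses and thresholds are assumptions) that raises a port-scan alert from repeated firewall drops by one source and a brute-force-then-success alert from Home Assistant authentication events, which neither device would flag on its own.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines modelled on the video's test incidents (not real captures).
SAMPLE_LOGS = """\
Mar 01 10:00:01 router kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP DPT=22
Mar 01 10:00:02 router kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP DPT=80
Mar 01 10:00:02 router kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP DPT=443
Mar 01 10:00:03 router kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP DPT=8123
Mar 01 10:01:10 homeassistant hass: Login attempt or request with invalid authentication from 192.168.1.50
Mar 01 10:01:20 homeassistant hass: Login attempt or request with invalid authentication from 192.168.1.50
Mar 01 10:01:30 homeassistant hass: Login attempt or request with invalid authentication from 192.168.1.50
Mar 01 10:01:45 homeassistant hass: Successful login from 192.168.1.50
"""
# Decoders: one regex per log source; group 1 is the source address, group 2 an optional detail.
DECODERS = [
    ("fw_drop", re.compile(r"kernel: DROP .*SRC=(\S+) .*DPT=(\d+)")),
    ("auth_fail", re.compile(r"invalid authentication from (\S+)")),
    ("auth_ok", re.compile(r"Successful login from (\S+)")),
]
TS_RE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) ")

def decode(line):
    """Map one syslog line to (timestamp, kind, src_ip, detail); None if no decoder matches."""
    m = TS_RE.match(line)
    for kind, rx in DECODERS:
        hit = rx.search(line) if m else None
        if hit:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")  # syslog has no year; deltas only
            return ts, kind, hit.group(1), (hit.group(2) if hit.lastindex == 2 else "")
    return None

def correlate(text, scan_ports=4, scan_window=60, fail_threshold=3, fail_window=120):
    """Run two correlation rules over the decoded events; return [(rule, src_ip), ...]."""
    per_src = {}
    for ev in filter(None, map(decode, text.splitlines())):
        per_src.setdefault(ev[2], []).append(ev)
    alerts = []
    for src, evs in per_src.items():
        # Rule 1: one source hitting many distinct blocked ports inside a short window.
        drops = [e for e in evs if e[1] == "fw_drop"]
        if drops and len({e[3] for e in drops}) >= scan_ports and drops[-1][0] - drops[0][0] <= timedelta(seconds=scan_window):
            alerts.append(("port_scan", src))
        # Rule 2: repeated failed logins followed by a success from the same address.
        fails = [e[0] for e in evs if e[1] == "auth_fail"]
        for ok in (e[0] for e in evs if e[1] == "auth_ok"):
            recent = [t for t in fails if timedelta(0) <= ok - t <= timedelta(seconds=fail_window)]
            if len(recent) >= fail_threshold:
                alerts.append(("bruteforce_then_success", src))
    return alerts
```

Running `correlate(SAMPLE_LOGS)` yields one alert per incident; tuning the thresholds and windows is where most of the real work in a home SIEM goes.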
A key observation is that many smart‑home components, especially Home Assistant, do not expose structured security events out of the box. The creator built a Wazuh agent add‑on to forward authentication and integration events, and even proposed enhancements to Home Assistant’s logging architecture. He also shows how Wazuh‑generated metrics can be fed back into Home Assistant as sensors, enabling automations such as notifications, temporary lock‑downs, or camera activation.
For hobbyists whose home networks are evolving into mini‑data centers, the setup offers continuous visibility without the overhead of enterprise solutions. By running on energy‑efficient hardware and leveraging open‑source tooling, users can detect reconnaissance, credential‑stuffing, or compromised devices early and automate defensive responses, raising the overall security posture of the connected home.