[Image: Arduino Network IDS hardware setup with LCD showing live attack monitoring]

Arduino Network Intrusion Detection System

Tags: Arduino Uno · Wazuh SIEM · Docker · Python · Telegram Bot · Garuda Linux · Networking · Nmap

A real hardware-software security system that watches a network for suspicious activity in real time and sends instant alerts — combining an Arduino Uno, Wazuh SIEM on Docker, and a Python bridge connected to Telegram.

What is this project?

This project is a network intrusion detection system (IDS) — a security tool that watches network traffic and warns you the moment something suspicious happens. Most IDS tools only show alerts on a computer screen. This project goes further by adding a physical alert device built from an Arduino Uno, so you get a visible and audible warning even if you are away from your computer.

At the core of the system is Wazuh SIEM, an open-source security monitoring platform running inside Docker on Garuda Linux. Wazuh continuously analyzes network logs and system activity. When it detects a threat, a Python script picks up that alert and does two things at once: it sends a message to a Telegram bot on my phone, and it sends a signal to the Arduino, which lights up an LED, sounds a buzzer, and displays the alert on an LCD screen.

What problems does it solve?

The system is built to detect three of the most common types of network attacks:

Port Scanning

Detects when someone runs tools like Nmap to scan a network, looking for open ports and weak points before launching a bigger attack.

SSH Brute Force

Catches repeated failed login attempts where an attacker is trying to guess a username and password combination.

DDoS Attacks

Identifies sudden floods of traffic that could overload a server or device and cause it to slow down or crash.
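The first two patterns above are the kind of thing a SIEM catches with a frequency rule: many events of one type from one source inside a short time window. The block below is an added example (not the project's own code, and not Wazuh's rule engine) that runs two such sliding-window detectors over constructed sshd and firewall-style log lines. The regexes, the 8-failures-in-120-seconds and 10-ports-in-60-seconds thresholds, and the sample hosts and addresses are all assumptions chosen for the demonstration; a flood detector is left out because it needs packet or connection counters rather than log lines.

```python
"""Sliding-window detectors for SSH brute force and port scanning.

Added example, not code from the project. Wazuh does this kind of frequency
matching internally; this only illustrates the idea on constructed log lines.
Thresholds, window lengths, hostnames and addresses are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd lines (not real traffic): 8 failures from one source in
# 21 seconds, then a single unrelated failure from another source.
SAMPLE_AUTH = [
    f"Mar 10 12:00:{s:02d} garuda sshd[{1200 + s}]: Failed password for root "
    f"from 203.0.113.7 port {50100 + s} ssh2"
    for s in range(0, 24, 3)
] + ["Mar 10 12:00:30 garuda sshd[1300]: Failed password for invalid user admin "
     "from 192.0.2.5 port 40011 ssh2"]

# Constructed firewall-style block lines: one source touching 11 distinct
# ports in 11 seconds, plus a normal host that only ever reaches port 443.
SAMPLE_FW = [
    f"Mar 10 12:05:{s:02d} garuda kernel: [UFW BLOCK] IN=eth0 OUT= "
    f"SRC=198.51.100.9 DST=192.168.1.20 PROTO=TCP SPT=40000 DPT={port}"
    for s, port in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 3306, 8080])
] + [
    f"Mar 10 12:05:{20 + s} garuda kernel: [UFW BLOCK] IN=eth0 OUT= "
    f"SRC=192.0.2.8 DST=192.168.1.20 PROTO=TCP SPT={51000 + s} DPT=443"
    for s in range(3)
]

SSH_FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<item>\S+) from (?P<src>\S+) port \d+")
FW_BLOCK_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: \[UFW BLOCK\] "
    r".*?SRC=(?P<src>\S+) .*?DPT=(?P<item>\d+)")


class WindowCounter:
    """Per-source sliding window; fires once per source when the count of
    events (or of distinct items, e.g. ports) inside the window reaches
    the threshold. Returns the count on the first crossing, else None."""

    def __init__(self, window_seconds, threshold, distinct):
        self.window, self.threshold, self.distinct = window_seconds, threshold, distinct
        self.events = defaultdict(deque)  # src -> deque of (timestamp, item)
        self.alerted = set()

    def add(self, src, ts, item):
        q = self.events[src]
        q.append((ts, item))
        while (ts - q[0][0]).total_seconds() > self.window:  # drop stale events
            q.popleft()
        count = len({i for _, i in q}) if self.distinct else len(q)
        if count >= self.threshold and src not in self.alerted:
            self.alerted.add(src)
            return count
        return None


def run_detector(lines, pattern, counter, label):
    """Feed matching lines into the counter; collect (label, source, count)."""
    alerts = []
    for line in lines:
        m = pattern.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # syslog has no year
        count = counter.add(m.group("src"), ts, m.group("item"))
        if count is not None:
            alerts.append((label, m.group("src"), count))
    return alerts


def detect_ssh_brute_force(lines, window_seconds=120, threshold=8):
    # Every failed login counts, so distinct=False.
    return run_detector(lines, SSH_FAIL_RE,
                        WindowCounter(window_seconds, threshold, False), "ssh_brute_force")


def detect_port_scan(lines, window_seconds=60, threshold=10):
    # A scan is one source reaching many *different* ports, so distinct=True.
    return run_detector(lines, FW_BLOCK_RE,
                        WindowCounter(window_seconds, threshold, True), "port_scan")


if __name__ == "__main__":
    print(detect_ssh_brute_force(SAMPLE_AUTH))
    print(detect_port_scan(SAMPLE_FW))
```

Each source fires at most once per run; a production rule would also re-arm after the window empties and carry the matched lines into the alert so the analyst can see what triggered it.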

How does it work?

The system follows a simple but effective chain of events, from detection to physical alert:

1. Wazuh monitors network traffic

Wazuh SIEM runs inside a Docker container on Garuda Linux and continuously watches network logs, system events, and connection attempts in real time.

2. A threat is detected

When Wazuh notices a pattern that matches a known attack — like a port scan or repeated failed logins — it generates an alert with details about the threat.

3. Python script picks up the alert

A custom Python script (using pyserial and requests) watches for new Wazuh alerts and processes them as soon as they appear.

4. Telegram notification is sent

The script sends a message through the Telegram Bot API, so I receive an instant notification on my phone with details about what happened.

5. Arduino triggers a physical alert

At the same time, the script sends a signal over serial to the Arduino Uno. The Arduino turns on an LED, sounds a buzzer, and displays the alert message on a 16x2 LCD screen — giving a clear, physical warning in the room.
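Steps 3 to 5 together are the bridge script. The block below is an added example of that bridge, written for this page rather than taken from the project: it parses one line of Wazuh's alerts.json, drops low-level noise, builds the Telegram text and a small serial frame sized for a 16x2 LCD, and hands both to whatever sender is plugged in. The sample alert is constructed (its rule id and description follow Wazuh's sshd brute-force rule as I know it; the timestamp, agent and source address are placeholders), the group-to-LCD-text mapping, the minimum level of 7, the `LEVEL|LINE1|LINE2` frame format, the serial device `/dev/ttyACM0` and the alerts.json path are all assumptions, and the Arduino sketch is expected to split the frame on `|`.

```python
"""Wazuh alert -> Telegram message + Arduino serial frame.

Added example, not the project's own script. Transports are injected so the
logic runs without network or hardware; the two factory functions at the end
are the only places that need the requests and pyserial packages."""
import json
import os
import time

# Constructed Wazuh alert in the one-JSON-object-per-line shape of alerts.json.
# Values are placeholders, not a real event.
SAMPLE_ALERT_LINE = json.dumps({
    "timestamp": "2024-03-10T12:00:21.000+0000",
    "rule": {"level": 10, "id": "5712",
             "description": "sshd: brute force trying to get access to the system.",
             "groups": ["syslog", "sshd", "authentication_failures"]},
    "agent": {"name": "garuda"},
    "data": {"srcip": "203.0.113.7"},
})

MIN_LEVEL = 7  # assumed: ignore informational alerts below this level
LCD_WIDTH = 16
ALERT_CODES = {  # assumed mapping from Wazuh rule groups to the LCD's first line
    "authentication_failures": "SSH BRUTE FORCE",
    "recon": "PORT SCAN",
    "dos": "TRAFFIC FLOOD",
}


def parse_alert(line):
    """Pull the fields the bridge needs out of one alerts.json line."""
    a = json.loads(line)
    rule = a.get("rule", {})
    return {
        "level": int(rule.get("level", 0)),
        "description": rule.get("description", ""),
        "groups": rule.get("groups", []),
        "agent": a.get("agent", {}).get("name", "?"),
        "srcip": a.get("data", {}).get("srcip", "n/a"),
    }


def classify(alert):
    """First matching group wins; anything unmapped is still shown."""
    for group in alert["groups"]:
        if group in ALERT_CODES:
            return ALERT_CODES[group]
    return "GENERIC ALERT"


def telegram_text(alert):
    return (f"Wazuh alert (level {alert['level']}) on {alert['agent']}\n"
            f"{alert['description']}\nsource: {alert['srcip']}")


def serial_frame(alert):
    """'LEVEL|LINE1|LINE2\\n' with both lines cut to the 16x2 LCD width;
    non-ASCII is replaced so the Arduino never sees multi-byte characters."""
    line1 = classify(alert)[:LCD_WIDTH]
    line2 = alert["srcip"][:LCD_WIDTH]
    return f"{alert['level']}|{line1}|{line2}\n".encode("ascii", "replace")


def handle_line(line, send_telegram, send_serial, min_level=MIN_LEVEL):
    """Process one alert line; returns the parsed alert, or None if filtered."""
    alert = parse_alert(line)
    if alert["level"] < min_level:
        return None
    send_telegram(telegram_text(alert))
    send_serial(serial_frame(alert))
    return alert


def make_telegram_sender(bot_token, chat_id):
    def send(text):
        import requests  # real transport: Telegram Bot API sendMessage
        requests.post(f"https://api.telegram.org/bot{bot_token}/sendMessage",
                      json={"chat_id": chat_id, "text": text}, timeout=10)
    return send


def make_serial_sender(port="/dev/ttyACM0", baud=9600):
    import serial  # pyserial; port and baud are assumptions for an Uno
    link = serial.Serial(port, baud, timeout=1)
    time.sleep(2)  # the Uno resets when the port opens; let it boot
    return link.write


def follow(path):
    """Yield lines appended to alerts.json after start-up (tail -f style)."""
    with open(path) as fh:
        fh.seek(0, os.SEEK_END)
        while True:
            line = fh.readline()
            if line:
                yield line
            else:
                time.sleep(0.5)


if __name__ == "__main__":
    # Path is a placeholder: mount the manager's alerts directory from Docker.
    tg = make_telegram_sender(os.environ["BOT_TOKEN"], os.environ["CHAT_ID"])
    ser = make_serial_sender(os.environ.get("ARDUINO_PORT", "/dev/ttyACM0"))
    for raw in follow(os.environ.get("ALERTS_JSON", "/path/to/alerts.json")):
        handle_line(raw, tg, ser)
```

Keeping the senders injectable is what makes the parsing and framing testable on a laptop with no bot token and no board attached; swapping in the real senders is a two-line change in the main block.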

System architecture

Here is a simplified view of how the pieces connect together:

Network Traffic → Wazuh SIEM (Docker) → Python Bridge Script → Telegram Bot + Arduino Uno (LED · Buzzer · LCD)

Technologies used

ARDUINO UNO

Physical alert hardware with a 16x2 LCD screen, LED indicator, and buzzer.

WAZUH SIEM v4.7.5

Open-source security monitoring platform that detects threats from log and network data.

DOCKER & DOCKER COMPOSE

Used to run Wazuh in an isolated container on Linux, making setup and updates easier.

PYTHON (pyserial, requests)

Connects Wazuh alerts to both the Telegram Bot API and the Arduino over a serial connection.

TELEGRAM BOT API

Delivers instant alert messages straight to my phone, wherever I am.

GARUDA LINUX

The host operating system running Docker, Wazuh, and the Python bridge script.

NMAP

Used during development and testing to simulate port scans and verify that Wazuh correctly detects them.

What I learned from this

This project taught me how real intrusion detection systems work behind the scenes, how to set up and manage Docker containers, and how to write Python scripts that connect security software to both a messaging API and physical hardware. I also learned a lot about how common network attacks — like port scans and brute-force logins — actually look from the defender's side.

It is the most complete project I have built so far, bringing together hardware, software, networking, and security in a single working system — and it gave me a much deeper appreciation for how layered, real-world security monitoring is designed.