Home Assistant Security Automations That Actually Protect
Most smart home security setups are a Wi-Fi camera plus a notification. Real protection is layered: detection, notification, automatic action, and cool-down handling. This is the four-layer pattern I run at home with the exact automations and the mistakes that defeat the system.
A friend asked me last year why his Aqara security setup kept missing the cat in the hallway and crying wolf about a window that had been open for hours. The honest answer was that he had three separate automations all watching the same sensors with no coordination layer. Layered design fixes that.
Layer 1: Detection (Sensors That Trigger)
Detection is the easy bit but the most over-bought layer. A typical three-bedroom flat needs roughly 8-12 sensors covering four types of event:
- Entry sensors on every external door and accessible window (contact sensors, ideally with tamper detection)
- Motion sensors in rooms you want covered when away (mmWave radar beats PIR for accuracy)
- Audio detection in living areas to catch glass-break or shouted voices (one good module per floor)
- Specialised sensors for smoke, carbon monoxide, water leaks, and door-lock tamper events
Buying twenty sensors does not improve security if half cover the same zone. Place one sensor per natural choke-point -- front door, back door, kitchen window, living room window, hallway, bedroom door. Add more only when a specific zone has a documented gap.
I use Aqara contact sensors at every entry, three LD2410B mmWave radars in living areas, one HiLink audio detector in the open-plan kitchen, and a Nest Protect for smoke and CO. Total hardware cost: about 180 GBP. The whole layer runs through a Sonoff Zigbee 3.0 Pro coordinator on Home Assistant.
Layer 2: Notification (Knowing What Happened)
Notifications are where most setups go wrong. A push notification for every door open turns into background noise within a week. The right notification channel depends on severity.
The detection layer fires three different notification severities. Low-severity events (someone opening a window from inside while home) get silent state updates in the Home Assistant dashboard. Medium-severity events (motion in the hallway when nobody should be home) trigger a push notification to my phone. High-severity events (glass-break audio plus motion within 10 seconds) escalate through three channels in sequence: push, then voice announcement through the kitchen Echo, then SMS if I do not acknowledge within 60 seconds.
That third channel is the critical one. The phone might be on silent, in another room, or dead. SMS bypasses every quiet hour setting and reaches you reliably. I use Twilio with a 20 GBP/year pre-paid SMS bucket which has covered the last three years of real alerts.
Test the notification chain monthly. I run a fake alert on the first Sunday of every month: trigger a Zigbee scene that simulates a glass-break event and watch the notifications fire in order. Half of all "my Home Assistant security setup failed" stories trace to a notification chain that quietly stopped working three months ago.
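The three-channel escalation described above, sketched as a Home Assistant script. This is an added example, not the author's configuration; the notify service names, `script.kitchen_voice_announce`, the `ACK_ALARM` action id and the phone number are assumptions or placeholders.

```yaml
# Added example, not the author's configuration.
# Assumed names: notify.mobile_app_my_phone, notify.twilio_sms,
# script.kitchen_voice_announce (hypothetical wrapper around whatever
# Echo integration is installed), action id ACK_ALARM, placeholder number.
script:
  security_escalate_high:
    alias: "Security: high-severity escalation"
    mode: single   # a second call while this one runs is dropped, not stacked
    sequence:
      # Channel 1: push notification with an acknowledge button.
      - service: notify.mobile_app_my_phone
        data:
          title: "Security alert"
          message: "Glass-break audio plus motion detected"
          data:
            actions:
              - action: "ACK_ALARM"
                title: "Acknowledge"
      # Channel 2: voice announcement through the kitchen Echo.
      - service: script.kitchen_voice_announce
        data:
          message: "Security alert. Glass break and motion detected."
      # Wait up to 60 seconds for the acknowledge button. A tap that lands
      # before this step starts is missed, so the SMS still goes out.
      - wait_for_trigger:
          - platform: event
            event_type: mobile_app_notification_action
            event_data:
              action: "ACK_ALARM"
        timeout:
          seconds: 60
        continue_on_timeout: true
      # Channel 3: SMS only when the wait timed out (no acknowledgement).
      - if:
          - condition: template
            value_template: "{{ wait.trigger is none }}"
        then:
          - service: notify.twilio_sms
            data:
              target:
                - "+440000000000"   # placeholder, not a real number
              message: "Unacknowledged security alert at home"
```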
Layer 3: Action (What Fires Automatically)
Detection plus notification gives you awareness. Automatic action is what changes outcomes. Three actions cover most break-in scenarios:
The most effective single action is switching every interior light to 100% brightness within two seconds of a high-severity event. Burglars expect dark houses. Sudden full illumination through every window is unusual and deterring. The lights stay on for 10 minutes regardless of follow-up sensor state.
The second action is camera recording. I have two Reolink cameras covering the entrance and the back garden, both with PoE so they keep working through power blackouts (the PoE switch is on a UPS). High-severity triggers force a 90-second recording to local storage and to a Synology NAS. Cloud cameras add a layer of latency and depend on internet uptime.
The third action is the siren. I run a 90 dB Aqara siren in the hallway with a 30-second auto-cutoff. The decibel level matches typical UK home security recommendations and does not exceed local noise ordinance limits. A siren that wakes the neighbours but is not actually loud to the burglars does no real job.
Layer 4: Cool-Down and False-Alarm Handling
This is the layer everyone forgets and the one that determines whether the system stays useful in month three. Cool-down prevents the automation from firing repeatedly on the same event.
The pattern I use is straightforward. Every security automation includes a "last triggered" timestamp variable stored in Home Assistant. Before firing the action layer, the automation checks the timestamp. If less than five minutes have passed since the previous trigger, the new event is logged but no notification or action fires. After five minutes the cool-down expires and the next trigger fires normally.
This pattern eliminates alarm fatigue. Without it, a window left open during a stormy night will retrigger motion alerts every five minutes until 3 AM. Within a week you mute everything. Within a fortnight you ignore real alerts.
False-alarm handling layers on top of cool-down. Three rules I run:
- Pets above 4 kg are ignored by mmWave radar through a body-mass discriminator in Zigbee2MQTT
- Sensor events between 10 AM and 4 PM (when the cleaner visits twice a week) feed a less aggressive automation that logs but does not siren
- Any single sensor firing without correlated nearby sensor activity is logged but not escalated; a real intruder triggers multiple sensors within seconds
These guardrails reduced my monthly false alarms from roughly 20 to two over a six-month tuning period.
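The cool-down check and the single-sensor correlation rule above, combined in one Home Assistant automation for the glass-break case. This is an added example, not the author's configuration; the entity IDs, the notify service and the `input_datetime.security_last_triggered` helper (created with both date and time enabled) are assumed names.

```yaml
# Added example, not the author's configuration. All entity IDs are assumed;
# input_datetime.security_last_triggered needs has_date and has_time enabled.
automation:
  - alias: "Security: glass-break correlation with cool-down"
    mode: single
    trigger:
      # Either sensor may fire first, so trigger on both.
      - platform: state
        entity_id:
          - binary_sensor.kitchen_glass_break
          - binary_sensor.living_room_motion
        to: "on"
    variables:
      window_s: 10      # correlation window from the article
      cooldown_s: 300   # five-minute cool-down from the article
      # last_changed also moves when a sensor resets to "off"; inside a
      # 10-second window that still means it was active moments ago.
      correlated: >-
        {{ (now() - states.binary_sensor.kitchen_glass_break.last_changed).total_seconds() <= window_s
           and (now() - states.binary_sensor.living_room_motion.last_changed).total_seconds() <= window_s }}
      cooled_down: >-
        {{ now().timestamp() - (state_attr('input_datetime.security_last_triggered', 'timestamp') | float(0)) >= cooldown_s }}
    action:
      - choose:
          - conditions: "{{ not correlated }}"
            sequence:
              - service: logbook.log
                data:
                  name: Security
                  message: "{{ trigger.to_state.name }} fired alone; logged, not escalated"
          - conditions: "{{ not cooled_down }}"
            sequence:
              - service: logbook.log
                data:
                  name: Security
                  message: "Correlated trigger inside cool-down; logged only"
        default:
          # Stamp first so a burst of triggers lands in the cool-down branch.
          - service: input_datetime.set_datetime
            target: {entity_id: input_datetime.security_last_triggered}
            data: {timestamp: "{{ now().timestamp() }}"}
          - service: light.turn_on
            target: {entity_id: all}
            data: {brightness_pct: 100}
          - service: siren.turn_on
            target: {entity_id: siren.hallway}
          - service: notify.mobile_app_my_phone
            data: {message: "Glass-break audio plus motion within 10 s"}
```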
Five Specific Automations I Run
The full list of security automations on my Home Assistant install:
- Away mode entry: any front or back door opens while we're both away -> 90 dB siren + camera record + SMS escalation, 5-minute cool-down
- Glass-break correlation: audio detection plus motion within 10 seconds in living areas -> full lights + siren + push, 5-minute cool-down
- Hallway motion at night: motion between 1 AM and 6 AM when everyone is asleep upstairs -> dim lights + log, 30-second cool-down, escalates only on second trigger within 5 minutes
- Smoke alarm correlation: Nest Protect smoke OR CO event -> all lights to 100% + Echo voice announcement + unlock the front door for fire escape, no cool-down (fire is fire)
- Lock tamper: smart lock reports tamper -> push + log, no other action (avoiding false escalation on a sticky lock)
Each one is documented in the Home Assistant UI with a clear description so my partner can reason about them when I'm not home. The undocumented automation is the one that gets blamed when something weird happens.
Common Mistakes That Defeat the System
Five errors I see in nearly every smart home security setup that comes to me for review:
- No cool-down layer. Without it the system fires constantly, you mute it, and a real alert dies in a muted notification.
- Cloud-only action layer. A burglar cuts the internet and your siren never fires. Local-first Home Assistant + Zigbee solves this.
- One notification channel. Phone on silent, sleeping in another room, low battery -- you miss everything. Always have an SMS or voice escalation.
- No monthly testing. Notification chains, batteries, and sensor pairings drift. Run a test alert on a schedule.
- No backup power. UPS the hub, the network switch, and the Wi-Fi router. Five minutes of UPS runtime covers most outages and ensures alerts still reach you.
The Home Assistant automation documentation covers the underlying syntax for each pattern above. The architecture is independent of the brand of sensor -- the same four-layer model applies whether you run Aqara, Hue, or all-DIY Arduino sensors. Pick the layers that matter for your house, document them, test them monthly, and the system protects you instead of haunting you.
Build Your First Layered Defenses in Order
If you're starting from zero, build the defenses in this order. Each step gives you working protection before the next one, so the project stays motivating even when life eats your free time.
Week one: install contact sensors on every external door and accessible window. Pair them to Home Assistant and write one automation that sends a push notification whenever a sensor opens outside expected hours. Live with the noisy notifications for a few days. You'll discover the cleaner visits at 11 AM, the gas meter reader rings the bell on the third Wednesday, and your partner sneaks in late on Friday. Real data beats imagined threat models every time.
Week two: add motion sensors to the living areas you care about. Connect them through Zigbee to keep latency low. Build the second automation -- motion plus "everyone away" mode triggers the action layer. Test with the away-mode toggle and a 30-second exit timer that gives you time to leave the house. The toggle is more important than any single sensor.
Week three: add the cool-down layer to every automation you wrote so far. This is the week most people give up because cool-down feels like extra work. Skip it and the system will defeat itself within a month.
Week four: install the notification chain with SMS escalation. Test the chain monthly thereafter on the first Sunday of the month. Set a calendar reminder. The chain is the part that decays silently and the test is the only way to catch the decay.
After four weeks of work you have something better than most commercial alarm systems for less money and no monthly fee. The defenses scale from there -- audio sensors, cameras, smart locks, automated lights -- but the four-layer skeleton stays the same.
A Quick Word on Smart Locks in the Defense Chain
Smart locks are the most tempting addition to a layered defense and the one with the highest stakes if you get it wrong. The advice I keep coming back to: do not replace the only deadbolt on your front door with a smart lock. Add the smart lock alongside the deadbolt or to a secondary door first.
The technical reason is that smart locks have two failure modes -- electronic failure (battery dead, firmware crash) and mechanical failure (motor stripped, mounting bracket bent). A failed smart lock on the only entry locks you out. A failed smart lock alongside a working physical key gives you a known-good fallback.
The defense-chain reason is more subtle. A smart lock that reports tamper events to the action layer gives your system early warning of forced entry attempts. The notification fires before the lock fails. Combined with motion sensors and an automated siren, the attacker hits a fully illuminated noisy property within two seconds of touching the lock. That changes the cost-benefit calculation for the attacker considerably.
The wrong smart lock for the defense chain is the all-cloud kind that pings a server to verify every state change. Pick a Matter or Zigbee lock with local control so the chain keeps working when the internet drops.