Failed login rules can be configured to trigger a notification and/or disable a user account after the specified number of failed login attempts.
A failed login occurs each time someone attempts to log in with an invalid username or an incorrect password. The server keeps track of each failed login attempt for each user. If there is a failed login rule applied to a user, the server triggers the rule when the number of failed login attempts exceeds the maximum specified in the rule.
The server can differentiate between failed login attempts caused by invalid passwords and failed login attempts caused by a disabled account or an account with an expired password. You can specify which of these types of failed login attempts the server should use when deciding to send a notification.