I think this is possible, but if someone can create a technique, I'd like it.
Can you track failed logins, perhaps every five minutes, and if there are 3 failed logins for a user in that time, send an email?
I'm guessing extended events is the way to do this, with some trigger that queries the session, looking for a count()>3 in the time period? Maybe an OVER() with the user and time period, getting a row_number() in the partition >= 3?
Let me know if someone can tackle this and make it work.
Follow me on Twitter: @way0utwestForum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com