Sure. Thanks for your reply.
Recently, we have been seeing a lot of brute-force attacks on external-facing RDP. We have a tool that alerts us if a user is locked out, but it doesn't give us any other info. We also have other lockouts related to cell phones attached to email, etc.
It would be very helpful for us to be alerted if a particular user is having recurring, frequent lockouts.
It would also be helpful to easily identify the source of the lockout: what server and service the user is attempting to connect to, the origination IP address of the connection attempt, etc.
Hope this helps,