there is a event log , detecting “Login attempt failed with incorrect two-step login”
Login attempt failed with incorrect two-step login. (1006)
and , there is a API to getting eventlog ,
so, by using log management solution like, splunk,sumologic,elk, you can detect and alert abnormal login attempts.
self hosted
I care about cloud hosted user.