Limit login attempts
Unsuccessful login attempts may be limited using a client limiter which can be found within the "Quality of service" template group. This kind of filter counts the specified events caused by a client (identified by its IP address) and denies access if the client reaches the configured limitation within the specified time.
Create a new filter:
Configure the events you like to limit, e.g., 10 failed login attempts within 5 minutes:
Assign the filter to the mappings of your applications using user authentication: