Hi @Doria ,
I would suggest enabling audit logging on your Domain Controllers (DCs), then you may capture failed logon attempts.
How to Audit Successful Logon/Logoff and Failed Logons in Active Directory
----------
(If the reply was helpful please don't forget to upvote or accept as answer, thank you)
Best regards,
Leon