If the lockout is coming from ADFS, nothing will help you on the AD side. You will have to dig into the ADFS logs.
First on, I'd like to mention that ADFS has builtin mechanism to prevent accounts from being locked out from ADFS. Please have a look here: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection
Then, if you are interrested to know more about the actual IP of the client (and eventually the User-Agent-String since ADFS is a web service), you will get that in the ADFS audit logs. You can follow the guidance here to enable audit: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/auditing-enhancements-to-ad-fs-in-windows-server