That would be hard to produce without access to your data. I recommend looking at the alert templates in Sentinel and the related GitHub repository. You should be able to find examples for most of these requests (or you may find one of the Azure security tools already meets the need). You should also consider if your Sentinel has the data needed for these scenarios. Brute force is easy enough. Password spray is a little more difficult. Both would likely be part of the Identity Protection solutions like MDI. You might see impossible travel in AAD Identity Protection and Defender for Cloud. That last scenario sounds very similar to Sentinel's multistage attack or Fusion rule.
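As an added illustration (not code from this reply or from the Sentinel templates), the sketch below shows why a per-account failure count catches brute force but not password spray, which only appears once failures are grouped by source. The thresholds, the one-hour window, the event tuple layout and all sample events are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds (not from the post); tune against your own sign-in baseline.
WINDOW = timedelta(hours=1)
BRUTE_MIN_FAILS = 20        # failures against one account from one source
SPRAY_MIN_ACCOUNTS = 10     # distinct accounts tried from one source
SPRAY_MAX_PER_ACCOUNT = 3   # sprays stay below account lockout limits

def window_start(ts):
    """Floor a timestamp to the start of its WINDOW-sized bucket."""
    return datetime.min + ((ts - datetime.min) // WINDOW) * WINDOW

def naive_per_account(events):
    """Per-account failure count only: the 'easy' brute-force rule."""
    fails = defaultdict(int)
    for ts, user, ip, ok in events:
        if not ok:
            fails[(user, window_start(ts))] += 1
    return {user for (user, _), n in fails.items() if n >= BRUTE_MIN_FAILS}

def classify(events):
    """Group failures by source IP, then look at how they spread over accounts."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, user, ip, ok in events:
        if not ok:
            buckets[(ip, window_start(ts))][user] += 1
    findings = {}
    for key, per_user in buckets.items():
        worst = max(per_user.values())
        if worst >= BRUTE_MIN_FAILS:
            findings[key] = "brute_force"
        elif len(per_user) >= SPRAY_MIN_ACCOUNTS and worst <= SPRAY_MAX_PER_ACCOUNT:
            findings[key] = "password_spray"
    return findings

def sample_events():
    """Constructed sign-in events: (time, user, source IP, success)."""
    t0 = datetime(2024, 1, 1, 10, 0)
    brute = [(t0 + timedelta(minutes=i), "alice@example.test", "203.0.113.10", False)
             for i in range(25)]
    spray = [(t0 + timedelta(minutes=2 * u + 25 * a), f"user{u}@example.test",
              "198.51.100.7", False) for u in range(12) for a in range(2)]
    benign = [(t0 + timedelta(minutes=m), "bob@example.test", "192.0.2.5", m == 2)
              for m in range(3)]
    return brute + spray + benign

if __name__ == "__main__":
    print("per-account rule:", naive_per_account(sample_events()))
    for (ip, start), label in sorted(classify(sample_events()).items()):
        print(start, ip, label)
```

Grouping by source address alone is still a partial view: failures spread over many addresses need correlation on other fields, which this sketch does not attempt.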