Hello Jonas,
you could do something like this, in the below query, i am looking for a user name, which failed authentications for 5 times in last one hour, you could adjust the query accordingly for your convenience:
select auth_username as username from auth where auth_status = 'Failed' AND timestamp > now() - interval '1 hour' GROUP BY auth_username HAVING COUNT(*) > 5;
--