Hot take: Don't do this kind of shit.
"Someone who didn't have the right authentication data didn't get in" is how it's supposed to work. You want extra credit for that?

It's not newsworthy. It's not actionable. It's spam which forces me to manually dismiss it. It leads to alert fatigue.