Put a rule that will allow me to detect brute force

Hello,
can you help me to put a rule that will allow me to detect brute force.
type of rule ( event correlation or indicator match ).
From the Kali machine, I run the following command:

Hydra –L /usr/share/wordlists/metasploit/namelist.txt –P /usr/share/wordlists/metasploit/password.lst ```
<adresseIP_machineUbuntu>

-I want to set up a rule that will detect similar activity (brute force).knowing that my beats agents are filebeat and packetbeat
Best regards