Spike in failed logon events ML rule alerting

Hi everyone

I am experimenting with the ML learning rule that alerts when a spike happens in failed logon events. I did an RDP brute force from Kali to Windows. In the brute force the password did get guessed, so the host is actually compromised. The alert just gives a low severity alert, so it would be better if another alert gets sent if a successful logon happened during the spike.

What would be an easy way to do this?
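
The correlation asked about above (a successful logon arriving during a burst of failed logons from the same source), sketched as an added example that is not part of the original post and not tied to any product's rule syntax. The event dictionaries, field names, threshold and window are assumptions; 4625 and 4624 are the Windows Security event IDs for a failed and a successful logon.

```python
from collections import defaultdict, deque

FAILED, SUCCESS = 4625, 4624  # Windows Security event IDs: logon failure / success


def success_after_failures(events, threshold=5, window=300):
    """Return successful logons preceded by at least `threshold` failed logons
    from the same source IP to the same host within `window` seconds."""
    recent = defaultdict(deque)  # (host, src_ip) -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        failures = recent[(ev["host"], ev["src_ip"])]
        # Forget failures that fell out of the correlation window.
        while failures and ev["ts"] - failures[0] > window:
            failures.popleft()
        if ev["event_id"] == FAILED:
            failures.append(ev["ts"])
        elif ev["event_id"] == SUCCESS and len(failures) >= threshold:
            alerts.append({"host": ev["host"], "src_ip": ev["src_ip"],
                           "user": ev["user"], "ts": ev["ts"],
                           "failures": len(failures)})
            failures.clear()  # one alert per burst


    return alerts


def _ev(ts, event_id, src_ip, user):
    # Hypothetical, simplified event shape (assumed field names).
    return {"ts": ts, "event_id": event_id, "host": "win10",
            "src_ip": src_ip, "user": user}


# Constructed sample events (timestamps in seconds).
SAMPLE = (
    # Burst of 8 failures from one source, then a success: should alert.
    [_ev(1000 + 2 * i, FAILED, "10.0.0.5", "admin") for i in range(8)]
    + [_ev(1020, SUCCESS, "10.0.0.5", "admin")]
    # One mistyped password, then a success: should not alert.
    + [_ev(1030, FAILED, "10.0.0.9", "bob"), _ev(1035, SUCCESS, "10.0.0.9", "bob")]
    # Old failures, success long after the window: should not alert.
    + [_ev(i, FAILED, "10.0.0.7", "carol") for i in range(6)]
    + [_ev(2000, SUCCESS, "10.0.0.7", "carol")]
)

if __name__ == "__main__":
    for alert in success_after_failures(SAMPLE):
        print("HIGH: successful logon after failed-logon burst:", alert)
```

Keying on host and source IP keeps a user's single mistyped password from matching; the threshold and window need tuning against normal logon noise in the environment.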