It’s actually really simple, but you’ll need administrator access on the domain controller in order to read the security event log so you might have to consult upper sys admins.
It seems to not want to filter/sort by username though so if you’re managing a huge enterprise with thousands of users this could be a bit tedious. On the other side, if that’s the case I suppose you already have better tools for the job.
Anyway, all invalid login attempts are logged as event id
Filter Current Log...in the right navigation menu
4776into the input field which says
<All Event IDs>