Multiple Username Attack But What About Single Username?

I’m seeing WAF blocking Wordpress logins with: Multiple Username Violation

What about hack attempt on a single username? Why isn’t there a rule for that? How would I add the rule or do I need to use another tool to block too many failed login attempts on a single user name?