I am looking for a host-level intrusion detection system for 32-bit and 64-bit Windows servers. Long story short, we have an attacker who appears to be using a dictionary attack on our servers exposed to the web. We use an RDP gateway server and I am seeing thousands of attempts to authenticate to our server. Usernames like Symantec, POS, dhcp, guest, rob, kat, tony, sales, showroom; it goes on and on. I have been able to track some of the IPs down and created a firewall rule to stop them, but only temporarily. I'm not incredibly worried at the moment since we use good standards for usernames and have password policies enforced.
I would like a way to identify, without a bunch of manual work, the source IP and alert me. If it could actually block them without manual intervention, that would be even better. I'd like to keep the cost below $5,000 if possible.
I apologize if this is posted in the wrong area; I don't think I have ever posted a question here before.