Hi,
Bro can cope with your requirements.
You just need to write a policy script to handle that.
You declare global variables to count connexion attemps to your servers.
You should take a look at the policy script “signatures.bro”. There is an example
to detect vertical and horizontal scans.
Hope it’s helpful.
R. Alahassa