A brute force attack is, simply, an attack on a username, password, etc. that systematically checks all possible combinations until the correct one is found. Scripts are usually used in these attacks to automate the process of arriving at the correct username/password combination. The more time the attacker has, the more passwords can be tried, so time is of the essence when it comes to detecting and stopping it. In your web (or proprietary app) logs, you’ll usually see a crazy amount of failed login attempts, usually originating from the same IP address.
Source: https://thehackernews.com/2014/11/keeping-bots-at-bay-how-to-detect-brute_20.html