Monitor Windows Logs & Alert With Specific Conditions

Our SQL DBAs want to monitor for a specific event in the Windows Event log which tracks failed login attempts. 

Windows Logs, Application
Source: MSSQLSERVER
Event ID: 18456
Task Category: Logon

Message Example: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Could not find a login matching the name provided. [CLIENT: <IP ADDRESS>]

I've been able to set up the component monitor in SAM, but I would like some tips on configuring the ALERTS for this based on the following:

  1. They only want to be alerted when the event is logged in the Windows Event logs 5 or more times in a single minute.
  2. The alert does NOT trigger if the CLIENT IP address in the message is triggering from a specific IP.
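
The two conditions above can be prototyped outside SAM before the alert is built. The PowerShell below is an added example, not part of the original post and not SolarWinds code. The function name `Test-FailedLoginBurst` is hypothetical, `192.0.2.10` is a placeholder for the IP to ignore, and "a single minute" is read as any sliding 60-second window rather than a clock-minute bucket.

```powershell
function Test-FailedLoginBurst {
    param(
        [object[]] $Events = @(),                      # objects exposing TimeCreated and Message
        [string[]] $ExcludedClient = @('192.0.2.10'),  # placeholder: the client IP to ignore
        [int] $Threshold = 5,
        [int] $WindowSeconds = 60
    )
    # Condition 2 first: drop excluded clients BEFORE counting, so they never
    # contribute to a burst. Messages without a parsable [CLIENT: ...] tag are kept.
    $kept = foreach ($e in $Events) {
        $client = if ($e.Message -match '\[CLIENT:\s*([^\]]+?)\s*\]') { $Matches[1] } else { $null }
        if ($client -notin $ExcludedClient) { $e.TimeCreated }
    }
    $times = @($kept | Where-Object { $_ } | Sort-Object)

    # Condition 1: two-pointer sliding window over the sorted timestamps.
    $start = 0
    for ($end = 0; $end -lt $times.Count; $end++) {
        while (($times[$end] - $times[$start]).TotalSeconds -ge $WindowSeconds) { $start++ }
        if (($end - $start + 1) -ge $Threshold) { return $true }
    }
    return $false
}

# Constructed sample: six failures 10 seconds apart, the first two from the excluded IP.
$t0 = Get-Date '2024-01-01T10:00:00'
$sample = 0..5 | ForEach-Object {
    $ip = if ($_ -lt 2) { '192.0.2.10' } else { '198.51.100.7' }
    [pscustomobject]@{
        TimeCreated = $t0.AddSeconds(10 * $_)
        Message     = "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Could not find a login matching the name provided. [CLIENT: $($ip)]"
    }
}
Test-FailedLoginBurst -Events $sample                        # exclusion applied
Test-FailedLoginBurst -Events $sample -ExcludedClient @()    # same events, no exclusion

# Live use on the SQL Server host (default instance; a named instance logs as MSSQL$<name>):
# $ev = @(Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MSSQLSERVER';
#         Id = 18456; StartTime = (Get-Date).AddMinutes(-5) } -ErrorAction SilentlyContinue)
# Test-FailedLoginBurst -Events $ev -ExcludedClient @('192.0.2.10')
```

Comparing the two sample calls shows why the order matters: counting first and filtering afterwards would let the ignored client's failures tip a window over the threshold.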