Yes.
Are you recording login success/login failure in the engine? If so you can look in the ERRORLOG to see what did it. If you don't do this you should at least work out how to capture that information in rollover trace/extended event files, for your own security.
It should be standard everywhere. You want to check and know every day when you've got a bunch of failed logins on a server, indicating an application has been misconfigured or an attack is in progress.