Edit the "Excessive failed login" default correlation search, change the count in the search, and edit the time parameters (Start time, End time, Cron Schedule) to run it each 10 minutes as said before.
1-write your request that gives you the failed login as you want. it depends on your data.it may be something like:
source=security_log_file failed login earliest=10| timechart count by user|where count> 5
2-execute it in search and click SAVE AS ALERT.
3-on the first window put the title and chose what you want.....
4- on the 2nd window click SEND E-MAIL and fill the required informations. you can even customize the message to send by including a token value.
see all the details here: