Fail2ban may provide a false sense of security
Just throwing this out there for discussion...
The old stalwart fail2ban may not be providing the security you think it is.
Specifically, a "low and slow" attack from a botnet will go unnoticed.
Fail2ban will detect and block multiple attempts from the same IP, but not repeated attempts from different IPs.
You may want to try:
grep -c Found /var/log/fail2ban.log
grep -c Ban /var/log/fail2ban.log
and ponder the numbers.