I read the link back to AbuseIPDB posted in one of the replies in this thread. I don't really see how this fits into the general Suricata use case on pfSense. Sure Suricata can load up some IP list (providing it's in the correct format as specified for IP reputation lists), but the binary has no method of feeding anything back to the AbuseIPDB eco-system.

The best you can do is scrape the text logs, but in my opinion you should not be doing all that work on your firewall. I say that because invariably such tools want to drag in all kinds of dependent packages, and each dependent package you add is a potential attack vector. You increase the attack surface of your firewall and thus reduce security. Better in my view to export the firewall and Suricata logs to an external SIEM type system, and then do your log scraping and reporting from there. That system could also report things back to AbuseIPDB.

In the IT Security world I came from, your firewall has one job. And that job is keeping external traffic out (unless explicitly allowed in), and controlling what internal traffic can go where. Reporting, pretty graphs, and all that GUI fluff should be handled on an external system that is not the firewall.