This concept could actually be taken further.
What if abuse detection rules allowed a user-provided script/program to be run when a rule has been triggered, with key parameters (such as the email address being hit by brute-force attacks, or the IP address of failed login attempts, etc.) passed to the script? This script/program could then interact with the server environment to enable further security actions.
That way, installation-specific actions could be configured that greatly expand the management of the rules once triggered. An example would be being able to block persistent attackers at the firewall level, thereby taking the load off SM, or creating additional information such as user logins by country and (possibly) acting on it. I currently check the list of failed login attempts and if a particular IP/country is overrepresented, I block it at the firewall level.
Yes, admin intensive and maybe OTT, but when you are being hammered by certain countries, blocking IPs at the firewall level is the only real alternative.
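A sketch of what such a rule-triggered script could look like, added here as an illustration and not part of the original post or of any product's API. It assumes the rule hands over (email, IP) pairs for failed logins; the threshold, the allowlist and the `iptables`/`ip6tables` command are assumptions to be replaced per installation.

```python
import ipaddress
from collections import Counter

# Assumed values, not from the post: tune per installation.
THRESHOLD = 5  # failed logins before an IP is proposed for blocking
ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8"),       # internal clients
             ipaddress.ip_network("203.0.113.10/32")]  # constructed admin address

def parse_ip(raw):
    """Return a validated address object, or None.
    Hook parameters originate from login attempts, so treat them as untrusted."""
    try:
        return ipaddress.ip_address(raw.strip())
    except ValueError:
        return None

def ips_to_block(events, threshold=THRESHOLD, allowlist=ALLOWLIST):
    """events: iterable of (email, ip_string), one entry per failed login."""
    counts = Counter()
    for _email, raw_ip in events:
        ip = parse_ip(raw_ip)
        if ip is None:
            continue  # malformed parameter: never reaches the firewall
        if any(ip.version == net.version and ip in net for net in allowlist):
            continue  # never lock out our own ranges
        counts[ip] += 1
    return sorted(str(ip) for ip, n in counts.items() if n >= threshold)

def block_argv(ip_string):
    """Build an argv list (for subprocess.run without a shell), not a command string.
    The firewall tool is an assumption; nothing is executed here."""
    ip = parse_ip(ip_string)
    if ip is None:
        raise ValueError("refusing to build a firewall rule from invalid input")
    tool = "iptables" if ip.version == 4 else "ip6tables"
    return [tool, "-I", "INPUT", "-s", str(ip), "-j", "DROP"]

# Constructed sample events (documentation address ranges), not real log data.
SAMPLE = ([("user@example.com", "198.51.100.7")] * 6      # over threshold
          + [("user@example.com", "10.1.2.3")] * 9        # allowlisted
          + [("a@example.com", "192.0.2.44")] * 2         # below threshold
          + [("a@example.com", "192.0.2.1; echo x")] * 8) # malformed input

if __name__ == "__main__":
    for ip in ips_to_block(SAMPLE):
        print(" ".join(block_argv(ip)))
```

Validating the address and passing it as a separate argv element keeps a crafted parameter from being interpreted by a shell, and the allowlist prevents a burst of failures from a shared internal address from locking out legitimate users.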