How is your memory usage after restarting IPS and waiting about a day?
I noticed as well that Suricata rules, use a lot of RAM.
although in your case having 16 GB is plenty
I would remove at least 3 of your rules
OISF and PT have been EOL, for a while and SNORT might be a duplicate of ET
On my IPFIre, I added Threatfox and URLHaus rules, Threatfox is a real memory hog as mentioned before.
If you are interested in IP Blocklists, or maybe RPZ blocklists, I am listing a bunch here,
Avoid the DoH list, 
and let me know if you need more help.