That is valid for both solutions, either you make Mikrotik fetch the file, or push commands to Mikrotik from NS, if fail2ban on NS stops working because you customized the code and then it is overwritten by an update, everything stops
Anyway, if you don't want to push commands from NS to mikrotik but want mikrotik to fetch the file, you can write a script on the routerboard using the Fetch tool, allows you to fetch (duh) a file from a remote system through http(s), then use its content to write firewall rules on mikrotik
You could then use NS shared folders as the destination folder for fail2ban file you want to generate and let mikrotik fetch tool use that path to get the file
You also need a way to empty or delete that file once it has been processed by mikrotik, otherwise subsequent imports could cause trouble in your mikrotik firewall configuration with duplicate rules
Seems a lot more complicated than just letting fail2ban push commands to the routerboard!