You are correct the IOC are used by Antivirus and AntiBot blades.
For what you needed, I would look into Generic DataCenter objects - we're using them for similar needs/requirements like you.
Generic Data Center Object
From R81, you can enforce access to and from IP addresses defined in files located in external web servers.
To do that, use the Generic Data Center object in SmartConsole. The Generic Data Center object points to a JSON file in an external server which contains the IP addresses which you want to access. This way, when the Generic Data Center object is used in a policy, SmartConsole can retrieve the IP information from the JSON file as necessary.
You can host the JSON file also locally on the Security Management Server.
This feature is useful in cases where one administrator creates the Rule Base and defines the objects, and another administrator manages the content of these objects.
This feature is supported in the Access Control, Threat Prevention, HTTPS Inspection, and NAT Rule Bases.
The feature is supported only on a Security Management Server R81 and higher and Security Gateway (Cluster) R81 and higher.
After you create the Generic Data Center object, any change made in the file is automatically enforced on the Security Gateway with no need to install policy.
To create the JSON file, follow the guidelines described in sk167210.
For more information, see Generic Data Center Objects."