I was indeed not aware that one can use external lists in the firewall policy itself as source or destination. The second link I already was aware of and if I am reading that article correctly, then an external threat feed containing IP addresses can be used in the DNS filter (security profile), but none other (such as AV, IPS, etc.).
Thank you for the first linke and for confirming my assumption. Much appreciated