Netscreen configuration

To use ThreatSTOP in a Netscreen firewall, do the following:

Subscribe to the ThreatSTOP service and enable the firewall(s) that will be using the service to access it, by configuring them as Devices in your account.


The ThreatSTOP DNS servers only answer queries from configured Devices, so a firewall that is not registered will get no list data.

Configure the Netscreen DNS resolver to use the ThreatSTOP DNS servers, and to refresh its lookups every 4 hours:

Network->DNS->Host

The ThreatSTOP DNS server address to enter is: 24.249.204.58


Create an address book entry for your block lists:

Objects->Addresses->List

 

Add an entry in the Untrust zone for each of your lists. These are the lists available for the basic service:

basic.threatstop.local

basic1.threatstop.local

basic2.threatstop.local

basic3.threatstop.local

basic4.threatstop.local


Since there are several lists, it is easiest to create a Group Object that contains all of your ThreatSTOP lists, and to reference that group in the policies:

Objects->Addresses->Groups

Go to the Group Object page and click New. Give the group a name ("ThreatSTOP" is a good choice) and add each of the address entries created in the previous step to the group. The end result should look similar to this:


Add policies denying all traffic from this address book group to GLOBAL ANY (necessary because MIPs live in the Global zone) and to TRUST ANY, plus a policy from TRUST ANY to this address book group (to block infected machines calling home to botmasters on the list):

Here's how to do it for Untrust to Global:

Policies, select Untrust to Global, click New

Select the address book group you just created as the From address

Select ANY as the To address

Service ANY (all protocols)

Action DENY

Check Logging (so you can see when it works, and so we can process the denies on our end)

And check Position at Top, so the deny rule is evaluated before any permit rules.


Click OK

Create the same deny policy for Untrust to Trust, and for Trust to Untrust (with the ThreatSTOP group as the To address in that one), and position it at the top of each of those policy lists as well.

 

Last, verify that the DNS resolver has actually resolved the lists by checking the dynamic DNS cache:

Network->DNS->DNS Cache Tables, then select Dynamic in the pulldown.

You should see each block list with its current IP addresses in a table like this. If a list is missing, the firewall is most likely not registered as a Device in your account or is not using the ThreatSTOP resolver.

That's all it takes. Your network is now protected by block lists that the firewall refreshes every 4 hours.
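For administrators who script their Netscreen firewalls, the following added example (not part of this page or of ThreatSTOP's own tooling) generates the ScreenOS CLI equivalent of the GUI steps above and checks a dynamic DNS cache dump for lists that failed to resolve. The CLI syntax is my reading of the ScreenOS CLI reference and is an assumption; compare the output against `get config` on your own device. The cache table is constructed sample data using documentation addresses, not real list contents.

```python
"""ScreenOS CLI equivalent of the Netscreen GUI steps above, plus a check of the
dynamic DNS cache. Added example; the CLI syntax is assumed from the ScreenOS
CLI reference, not taken from this page, so compare against 'get config'."""
import re

THREATSTOP_DNS = "24.249.204.58"          # resolver address given on the page
BASIC_LISTS = [                           # basic-service list names from the page
    "basic.threatstop.local",
    "basic1.threatstop.local",
    "basic2.threatstop.local",
    "basic3.threatstop.local",
    "basic4.threatstop.local",
]
GROUP = "ThreatSTOP"                      # address group name suggested on the page
ZONE = "Untrust"                          # zone the list addresses live in

# (from_zone, source, to_zone, destination): the three deny rules the page asks for
POLICIES = [
    ("Untrust", GROUP, "Global", "Any"),  # inbound to MIPs (MIPs sit in the Global zone)
    ("Untrust", GROUP, "Trust", "Any"),   # inbound to the trusted network
    ("Trust", "Any", "Untrust", GROUP),   # outbound: infected hosts calling home
]


def screenos_commands(lists=BASIC_LISTS, group=GROUP, dns=THREATSTOP_DNS):
    """Return the CLI lines for the resolver, address book, group and policies (assumed syntax)."""
    cmds = [
        f"set dns host dns1 {dns}",
        "set dns host schedule 00:00 interval 4",   # re-resolve every 4 hours
    ]
    for name in lists:
        cmds.append(f'set address {ZONE} "{name}" {name}')           # FQDN address entry
    for name in lists:
        cmds.append(f'set group address {ZONE} "{group}" add "{name}"')
    for src_zone, src, dst_zone, dst in POLICIES:
        # 'top' positions the rule first; 'log' so denies are visible and reportable
        cmds.append(
            f'set policy top from "{src_zone}" to "{dst_zone}" "{src}" "{dst}" "ANY" deny log'
        )
    return cmds


# name followed by an IPv4 address; header lines and blanks do not match
CACHE_LINE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\b")


def check_dns_cache(cache_text, lists=BASIC_LISTS):
    """Parse a dynamic DNS cache table (name, IP, ...) and report which lists resolved.

    Returns (resolved, missing): resolved maps list name -> IPs; missing holds the
    list names with no entry, which usually means this firewall is not registered
    as a Device in the ThreatSTOP account or is not using the ThreatSTOP resolver."""
    resolved = {}
    for line in cache_text.splitlines():
        m = CACHE_LINE.match(line.strip())
        if m and m.group(1) in lists:
            resolved.setdefault(m.group(1), []).append(m.group(2))
    missing = [name for name in lists if name not in resolved]
    return resolved, missing


# Constructed sample of a dynamic cache dump (documentation addresses, not real list data);
# basic4 is deliberately absent to show the failure case.
SAMPLE_CACHE = """\
Name                      IP Address       TTL
basic.threatstop.local    192.0.2.10       14400
basic.threatstop.local    192.0.2.11       14400
basic1.threatstop.local   198.51.100.5     14400
basic2.threatstop.local   203.0.113.7      14400
basic3.threatstop.local   203.0.113.8      14400
"""

if __name__ == "__main__":
    print("\n".join(screenos_commands()))
    resolved, missing = check_dns_cache(SAMPLE_CACHE)
    for name, ips in resolved.items():
        print(f"{name}: {len(ips)} address(es)")
    if missing:
        print("NOT RESOLVED (check Device registration / resolver):", ", ".join(missing))
```

Paste the generated commands into the CLI, then `save`. Feed the text of the dynamic cache table to `check_dns_cache` after the first refresh: an empty or partial result is the symptom described on this page for a firewall that is not yet registered as a Device, and the deny policies will silently match nothing until it is.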