Personally I have tried OTX, but I was quickly blocked by the API cap of 10K per hour.
I am currently looking into writing a script that updates a local CSV (on the GL server) with a list of malicious IPs/Domains, then let pipelines do the parsing.
I wonder if others can share their experience in this space ? What threat intelligence source worked well for you in GL ?