The current dynamic node selection criteria when defining compliance policies could be more flexible. As of now, it only allows for a binary selection "is" / "is not" for a criteria. Modifying to allow for "contains" and other non-binary answers would put the node search functionality in parity with other parts of the Orion product, e.g. defining alerts.
Example:
I want to create compliance policy that only checks against a subset of Cisco device types in our environment. As it currently stands, there's not a way to state "machine type does not contain Nexus" in machine type, or "node name does not contain xxx" or any similar exclusion definition. Your options appear to be... explicitly call out every single exclusion (which could be tons of device model variations) or define custom properties for every single exception. Neither option is a good one.
