It's definitely not ideally scalable. For non-agent nodes, I popped in the hostname* for all my devices that might report by hostname, and the IP ranges. For agents, the connector profiles regularly handle updates to the IPs/hostnames automatically.
One thing I did was create a rule/filter for "something I don't know about" for a while to see what I was missing - I'd create a rule/filter for detectionIPs that didn't match my UDG/profiles and clean stuff up. Then when I built rules downstream that relied on them I would also build an exception so I could catch something that didn't match ANY of my groups (if that makes sense).
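
The catch-all check described in the post above, sketched in Python as an added example; it is not part of the original post and is not any product's rule syntax. The group names, hostname patterns, IP ranges and the `source` event field are all constructed for illustration.

```python
import fnmatch
import ipaddress

# Constructed sample groups (hypothetical names, hostname patterns and ranges).
GROUPS = {
    "network-gear": {"hostnames": ["sw-*", "fw-*"], "cidrs": ["10.10.0.0/24"]},
    "servers": {"hostnames": ["srv-*"], "cidrs": ["10.20.0.0/22"]},
}

def compile_groups(groups):
    """Parse CIDR strings once so each event lookup is cheap."""
    compiled = {}
    for name, spec in groups.items():
        nets = [ipaddress.ip_network(c) for c in spec.get("cidrs", [])]
        pats = [p.lower() for p in spec.get("hostnames", [])]
        compiled[name] = (pats, nets)
    return compiled

def match_groups(source, compiled):
    """Return the names of every group a reporting source falls into.

    `source` is whatever the device reported as: an IP or a hostname."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        addr = None  # not an IP literal, so treat it as a hostname
    hits = []
    for name, (pats, nets) in compiled.items():
        if addr is not None:
            if any(addr in n for n in nets):
                hits.append(name)
        elif any(fnmatch.fnmatchcase(source.lower(), p) for p in pats):
            hits.append(name)
    return hits

def unknown_sources(events, compiled):
    """The catch-all: sources that match none of the groups, with event counts."""
    counts = {}
    for ev in events:
        src = ev["source"]
        if not match_groups(src, compiled):
            counts[src] = counts.get(src, 0) + 1
    return counts

# Constructed sample events.
EVENTS = [
    {"source": "10.10.0.5"}, {"source": "SRV-db01"}, {"source": "192.168.7.9"},
    {"source": "printer-3f"}, {"source": "192.168.7.9"}, {"source": "10.20.3.200"},
]
```

Running `unknown_sources(EVENTS, compile_groups(GROUPS))` lists the sources to triage and either add to a group or investigate; the same "matches no group" condition is what a downstream rule's exception would test.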