This sounds like the same issue discussed here: Searching Relevance for <not reported>. This other thread explains why you can’t use automatic groups or dynamically target such endpoints, and the suggested approach. In order to automate it, you would have to use the REST API to deploy the actions automatically based on what the server sees.
I’m confused as to why this requires automation, though. If you’ve identified the problem, I would assume you’re not deploying the bad package anymore, so why do you expect to see problem systems continuing to show up in the console?