minimum of subscribe times of sites is a proxy for the time that the bigfix agent was installed.
You can also look at the time the OS was installed, but that isn’t as cross platform.
See this forum post: Delay BigFix site subscription to speed up client provisioning
The nice thing about adjusting site subscription criteria is that it affects all of the items within it without changing any of them individually.
Another option is that you can have a baseline with additional relevance and then add items to the baseline and run the baseline. That way this additional relevance applies to the baseline components without actually editing the components themselves.
Generally the logic that is used to exclude systems until they have had bigfix installed for a period of time, or until they are flagged as having the build complete should be placed within a Site, a Baseline, or an Automatic Group and NOT within a fixlet itself. The fixlet should only be concerned with if it CAN run, not if it SHOULD run. This allows the same fixlet to be reused in many different ways without concern for the business logic that dictates when it SHOULD run… that is something else’s concern at another layer.
Also, I would recommend that automation that waits for a system to be tagged as completed initial provisioning be time limited, so it would be go as soon as the tag is set, or 6 hours, whichever comes first.