Patch Policies for patch catchup

Patch Policies are ideal for this use case.

I wouldn’t recommend using Manual Groups for this, or really anything. They are not ideal, especially at scale.

One option is to use the “BigFix agent install time” < X days as a mechanism for machines that should be brought into the patch catch up policy. Related: Delay BigFix site subscription to speed up client provisioning

Turns out you likely can’t use number of relevant fixlets: Client relevance to get computer group memberships


I generally use minima of subscribe times of sites as a proxy for the time at which the client joined BigFix, but there is the possibility of using minima of effective dates of (settings of it; administrators of it; settings of manual groups of it; settings of sites) of client as well, though that seems to be lower quality and would need some filtering to really use it.

This comes close:

minima of unique values whose(multiplicity of it = 1 AND 3650*day + it > now) of effective dates of (settings of it; administrators of it; settings of manual groups of it; settings of sites) of client

But this is still generally best:

minima of subscribe times of sites