It's common to use external scripts to do initial processing for some of these tasks: may be more practical than bringing config data about 4MM files into BSA.
Check out the "findFiles" script in the DISA Compliance Content.
It's been over a year since I've done this, and I'm going completely from memory, but I thought that there was a type of "exclude files" setting that would prevent our Compliance Jobs from scanning certain paths or attached storage.
Also, if you're using our OOTB DISA Compliance for Linux systems we've broken up the Compliance into two parts;
BMCCacheCreatorDisaLinux (script that creates cache)
DisaLinuxComplianceJob (compliance job)
The script runs and caches the results for 24 hours. So you can run the script at night and run Compliance after that, as long as it was within the 24 hour cache period.
rob is using a modified version of the find files, but it should have similar functionality. though i don't think the cache jobs were created for the customized EO that does the find. you'd have to look at the EO itself to determine how to pass in the excludes to the find command.
Now that just freaked me out how did you know who my client was and what I should look for???
Thanks for replying, I'll start looking around.