Currently it appears the only way is to manually recreate alerts/metrics to exclude RoarExclude security groups. It requires the coding knowledge or reaching out to support every time you want to change up alerts to exclude that group. Either including that in every alert or creating built in 2nd alerts to use that include the exclusion would be most effective. If not possible I would hope there would be a way to create a condition you could include that would exclude that security group to make it easier to omit accounts from the list. Such as service accounts for example.