Hi Jase,
One thing you can do, outside the scope of a pre-logon inspection, is to create an advanced session variable ( Users -> Session Variables -> Add New Session Variable) to pull out a substring of an existing session variable. Then use your advanced session variable in a protected configuration using a "custom check". Then apply your protected configuration to your master group or set of resources.
To my knowledge there is no comparison operator or function similar to substr() or the SQL LIKE operator that you can use in a pre-logon inspection rule. If you find one be sure to let us know!