We are using the REST API to pull in Azure Security Center Alerts as well. We use the reported time as a checkpoint, but the API throws an error pulling the $filter parameter; therefore, it pulls in all alerts every time.
This is costing us real money as it consumes our SIEM license and creates redundant, non-usable data on disk.
I received an update from our dev that you will need to use the correct API version using the following supported query. Please review below and let us know if you have additional questions or concerns.
Update from dev:
This is how you write the query; this is supported: