This is a very blanket "update now" statement with no context or information. What was the determined entry point? Are you on-premise or cloud? What vulnerability is in 20.1 that is patched that mitigates this? Do you have more information on the vulnerability? Now, this is assuming it was an actual vulnerability. 99% of these claims Ive seen the MSP had Control on-premise and RDP open to the Control server. RDP was the entry point. Either brute forced or credentials harvested/phished from MSP employees and voila! RDP access to the Control server.
@Trouble Assuming you are trying to send to something outside of the CW ecosystem or without integration. What you want to do is build your JSON in a PostMan. They have an option to convert that to PowerShell. Then, have your Alert Template trigger a script that executes the powershell as a line in it. Monitor fails, triggers alert template, alert template sends the webhook.