Hook SecurityHook Docs
Org Admin

Automate report delivery

Schedule email delivery of campaign, training, and executive reports so stakeholders get the numbers without you sharing manually.

An automation is a saved rule that emails a generated report to a list of recipients on a recurring schedule. Instead of opening the executive summary the day after a campaign closes and forwarding a PDF to your CISO, you configure it once and it runs itself. Use automations whenever the same person needs the same report on the same cadence: the monthly board update, the quarterly compliance attachment, the weekly watchlist for the security lead.

Open the automations dashboard

From the left sidebar, click Automations. You land at /org/automations.

The page header reads Set up automated report delivery based on triggers and schedules. Three KPI tiles sit across the top.

Below the tiles, every automation in your org is listed as a card showing its When, What, Who, Last Run, and Next Run.

The three KPI tiles are:

  • Active Automations — count of automations currently running (anything with status Active)
  • Reports Sent — number of reports delivered this month, summed across all automations; the counter resets on the 1st
  • Next Scheduled — the date of the soonest upcoming run, with the automation name as the subtitle so you know which one is up next

Screenshot pending

[Automations dashboard at /org/automations with the three KPI tiles and a list of automation cards]

Create a new automation

Click Create Automation in the top-right of the page. The Create New Automation dialog opens.

Automation Name — give it something a teammate would recognize at a glance, for example Monthly Executive Report — Acme. Three to fifty characters.

Schedule Frequency — pick one of Daily, Weekly, Bi-Weekly, Monthly, Quarterly, or Yearly. Monthly runs on the 1st of the month; weekly runs on the same weekday as the create date.

What — pick a report type. The options are Campaign Executive Summary, Security Watchlist Report, Group Performance Report, Course Enrollment Report, and COTM Campaign Report. Most types require a second selection — pick a campaign, a group, or a course depending on the report — which appears as a follow-up dropdown the moment you choose the type. Security Watchlist Report is marked Ready to use and needs no extra parameter.

Who — type or paste recipient emails into the input. Separate multiple addresses with commas, semicolons, or spaces, then press Enter or click Add. Each address shows up as a removable badge. For example: security-team@acme.test, ciso@acme.test.

Click Create Automation. A toast confirms Automation created successfully! and the new card appears in the list with a green Active badge and a populated Next Run date.

Screenshot pending

[Create New Automation dialog with the Schedule Frequency, What, and Who fields filled out]

Edit, pause, or delete an automation

The automation card surfaces an Active or Inactive status badge in the top-right corner. Active automations run on their next scheduled date; inactive ones are paused and skipped by the processor.

To change the recipients, frequency, or report parameters of an existing automation, the cleanest path today is to create a new automation with the updated settings and let the previous one expire or be removed. If you need to pause a live automation immediately — for example, while you're editing the underlying campaign or group — reach out to your CSM or open a support ticket and reference the automation name; the toggle is wired up server-side and we can flip it for you.

Screenshot pending

[Single automation card showing the Active status badge, the When / What / Who rows, and the Last Run / Next Run footer]

What gets delivered

What lands in the recipient's inbox

Each scheduled run generates the report fresh from live data, renders it as a sanitized HTML email, and attaches a print-ready PDF of the same report. Recipients see the full report inline in their email client and can save or forward the PDF for board decks, compliance evidence, or sharing with auditors. The subject line uses the report title (or the automation name as a fallback). Delivery is one email per run, sent to every address on the recipient list at the same time.

Common pitfalls

  • External recipients. The recipient field accepts any valid email address — including addresses outside your org domain. That's deliberate (board members, external auditors, MSP contacts often live elsewhere) but treat the list as you would any data-egress channel: confirm each external address with your security lead before saving.
  • Frequency edge cases. Monthly fires on the 1st of the month regardless of when you created the automation. If you create a monthly automation on the 28th, the first run will be three days later, not 30. Quarterly and Yearly anchor to the creation date — verify the Next Run date on the card matches what you expect before you walk away.
  • Empty data. If the underlying campaign hasn't started, or the group has no members yet, the report will still send — just with zeros. Wait until you have meaningful data before turning on a recurring delivery to leadership.

Read the executive summary report

Run a phishing campaign

Assign training to groups

Review the security watchlist

Find repeat clickers across your phishing program, read their risk signals, and decide who needs more training next.

Sync users from Microsoft Entra

Connect Hook to Microsoft Entra (Azure AD), pick groups to sync, preview members, and confirm — so your user list stays current.

On this page

Open the automations dashboardCreate a new automationEdit, pause, or delete an automationWhat gets deliveredCommon pitfallsRelated