Browse the reports catalog
Navigate the Reports hub — the four report categories, how to filter, and which report answers which question — then jump to the one you need.
The Reports page is the catalog of every report Hook can generate for your organization. Instead of digging through campaign or course pages, you start here, pick the report that answers your question, and open it. You'll use this hub whenever a stakeholder asks "how did the last phishing test go?", "who hasn't finished training?", or "which users keep clicking?" — each of those maps to a card on this page.
Before you start
Prerequisites
- You're signed in to Hook as an org admin, with the right organization selected in the org switcher if you manage more than one. Every report is scoped to the selected org.
- For any phishing report to show data, the org needs a PhishingBox API key and at least one campaign that has run. Phishing results are pulled live from PhishingBox; if the key is missing, those reports return an error instead of data.
- For the course report, you need at least one training course assigned to users. Course data comes from Hook's own database, so it's available as soon as enrollments exist.
Open the Reports hub
From the left nav of the org portal, go to Reports (/org/reports).
The page header reads Reports with the subtitle Campaign, training,
and user insights. Export to PDF or share with clients. Below it is a
grid of cards, one per report.

The four categories
Every report belongs to one of four categories, each with its own color accent on the left edge of the card:
- Campaign (blue) — phishing simulation results.
- Course (purple) — training enrollment and completion.
- User (orange) — risk-focused views of individual people.
- Group (green) — performance broken down by group.
A row of filter chips sits above the grid — one chip per category, each with a colored dot. Click a chip to show only that category; click more than one to combine them (the filter is additive). When any chip is active, a Clear button appears to reset to all reports. The chips read Campaign, Course, User, and Group — Hook trims the word "Reports" off the full category label for the chip.

Which report answers which question
Each card shows an icon, the report name, a one-line description, a category badge, and a View report link. Here's the decision guide for the seven reports, grounded in what each one actually produces:
| You want to know… | Open this report | Category |
|---|---|---|
| The board-ready overview of one campaign — click rate, report rate, risk level, and recommended training | Executive Summary | Campaign |
| All phishing test results for the org, aggregated, with the users who clicked | Test Summary | Campaign |
| A monthly, client-ready snapshot of phishing results plus training completion | Security Awareness Snapshot | Campaign |
| The monthly COTM ("Campaign of the Month") detail with template preview, educational context, and group participation | COTM Campaign Report | Campaign |
| Course enrollment status, completion rates, and overdue assignments by user | Enrollment Completion | Course |
| Repeat offenders — users with multiple phishing failures who need targeted follow-up | Watchlist | User |
| 12-month phishing trends for a group, with a campaign-by-campaign breakdown | Phishing Trendline | Group |
Two card labels don't match their destination
The catalog card and the report's own pages use different names in two places. Don't let it trip you up:
- The Phishing Trendline card lands on a page titled Group Reports, where you pick a group; the report it then produces is the Group Performance Report.
- The Enrollment Completion card opens the Course Enrollment Report page.
In both cases the card is the label you click; the destination uses a different name.
How opening a report works
Clicking View report on a card takes you to that report's page. From there, two things vary by report.
Some open straight to data; others ask you to pick first
A few reports render immediately because they aggregate across the whole org. Most ask you to choose a campaign, test, course, or group before showing results:
- Open directly to data: Security Awareness Snapshot and Watchlist.
- Pick a campaign / test / course / group first: Executive Summary (a campaign), Test Summary (a test), COTM Campaign Report (a campaign), Enrollment Completion (a course), and Phishing Trendline (a group).
If a report needs a selection, its landing screen lists the available options — for example, only campaigns that are linked to PhishingBox appear in the Executive Summary picker, since the metrics come from there.
Export to PDF and email to org users
Every report page has an Export PDF button that downloads the report. Most reports also have an Email button that sends the same PDF straight from the page. When you click Email, Hook opens an Email Report dialog listing the users in the selected organization; you search and check the recipients, then click Send Report. Hook generates the PDF server-side and sends it as an attachment. This is how you'd hand a campaign Executive Summary or a Course Enrollment report to a stakeholder without downloading and forwarding it yourself.
The one exception is the Security Awareness Snapshot: it is export-only, with an Export PDF button but no Email button.
Recipients are limited to the org's users
The email recipient list is the users that belong to the selected organization — you choose from that list rather than typing arbitrary email addresses. To send reports to someone outside the org, add them as a user first.

Where the data comes from
Knowing the source explains why some reports load slower and why a missing integration breaks only part of the catalog:
- Phishing reports pull live from PhishingBox. Executive Summary, Test Summary, Watchlist, and Phishing Trendline (Group Performance) call the PhishingBox API using the organization's own API key. No key, no data for those reports.
- The course report comes from Hook's database. Enrollment Completion reads training enrollments and completion directly from Hook, so it works even if PhishingBox isn't configured.
- The COTM report is built from Hook's own records, with PhishingBox as a bonus. Its content — template preview, educational context, and group participation — comes from the stored Campaign of the Month run. It also tries to add live PhishingBox metrics (click rate, report rate), but gracefully falls back: if the org has no PhishingBox key, the report still loads and simply omits that metrics block.
- The Security Awareness Snapshot combines both — phishing results plus training completion — into one monthly, client-ready document.
The COTM card only appears when COTM is enabled
The COTM Campaign Report card is hidden unless "Campaign of the Month" is turned on for the selected organization. Hook checks the org's COTM preferences when the page loads; if COTM isn't enabled, the card isn't in the grid. If you expect to see it and don't, COTM is off for that org.
Reports follow the selected org
The whole catalog is scoped to the organization currently chosen in the org switcher. When you switch orgs, the Reports page re-checks COTM and re-fetches data for the new org automatically — you don't need to reload. The data inside each report (campaigns, tests, courses, groups, users) is likewise limited to that org and the client orgs beneath it that you have access to.
Empty grid or 'No reports found'
If filtering leaves nothing, Hook shows a No reports found state — clear the category chips to bring every report back. If a report opens but shows no data, the usual causes are: the selected org has no campaigns or enrollments yet, or (for phishing reports) the org is missing its PhishingBox API key.
Related
Read the executive summary report
Make sense of the KPIs, risk score, and recommended training for a single campaign.
Run the test summary report
See aggregated phishing test results and the users who clicked.
Run the course enrollment report
Track completion rates and overdue training by user.
Review the security watchlist
Identify repeat offenders who need targeted follow-up.
Preview upcoming Autopilot campaigns
Use Campaign Previews to see what Autopilot will send next — the email screenshot, educational context, training video, and the safelist IPs your IT team must allowlist.
Read the executive summary report
Open, interpret, and share the executive summary for a phishing campaign so leadership sees risk and your team knows what to do next.