Hook SecurityHook Docs
Org Admin

Browse the reports catalog

Navigate the Reports hub — the four report categories, how to filter, and which report answers which question — then jump to the one you need.

The Reports page is the catalog of every report Hook can generate for your organization. Instead of digging through campaign or course pages, you start here, pick the report that answers your question, and open it. You'll use this hub whenever a stakeholder asks "how did the last phishing test go?", "who hasn't finished training?", or "which users keep clicking?" — each of those maps to a card on this page.

Before you start

Prerequisites

  • You're signed in to Hook as an org admin, with the right organization selected in the org switcher if you manage more than one. Every report is scoped to the selected org.
  • For any phishing report to show data, the org needs a PhishingBox API key and at least one campaign that has run. Phishing results are pulled live from PhishingBox; if the key is missing, those reports return an error instead of data.
  • For the course report, you need at least one training course assigned to users. Course data comes from Hook's own database, so it's available as soon as enrollments exist.

Open the Reports hub

From the left nav of the org portal, go to Reports (/org/reports). The page header reads Reports with the subtitle Campaign, training, and user insights. Export to PDF or share with clients. Below it is a grid of cards, one per report.

Reports catalog with category filter chips above the report card grid

The four categories

Every report belongs to one of four categories, each with its own color accent on the left edge of the card:

  • Campaign (blue) — phishing simulation results.
  • Course (purple) — training enrollment and completion.
  • User (orange) — risk-focused views of individual people.
  • Group (green) — performance broken down by group.

A row of filter chips sits above the grid — one chip per category, each with a colored dot. Click a chip to show only that category; click more than one to combine them (the filter is additive). When any chip is active, a Clear button appears to reset to all reports. The chips read Campaign, Course, User, and Group — Hook trims the word "Reports" off the full category label for the chip.

Reports catalog filtered to Campaign reports with the Clear button visible

Which report answers which question

Each card shows an icon, the report name, a one-line description, a category badge, and a View report link. Here's the decision guide for the seven reports, grounded in what each one actually produces:

You want to know…Open this reportCategory
The board-ready overview of one campaign — click rate, report rate, risk level, and recommended trainingExecutive SummaryCampaign
All phishing test results for the org, aggregated, with the users who clickedTest SummaryCampaign
A monthly, client-ready snapshot of phishing results plus training completionSecurity Awareness SnapshotCampaign
The monthly COTM ("Campaign of the Month") detail with template preview, educational context, and group participationCOTM Campaign ReportCampaign
Course enrollment status, completion rates, and overdue assignments by userEnrollment CompletionCourse
Repeat offenders — users with multiple phishing failures who need targeted follow-upWatchlistUser
12-month phishing trends for a group, with a campaign-by-campaign breakdownPhishing TrendlineGroup

Two card labels don't match their destination

The catalog card and the report's own pages use different names in two places. Don't let it trip you up:

  • The Phishing Trendline card lands on a page titled Group Reports, where you pick a group; the report it then produces is the Group Performance Report.
  • The Enrollment Completion card opens the Course Enrollment Report page.

In both cases the card is the label you click; the destination uses a different name.

How opening a report works

Clicking View report on a card takes you to that report's page. From there, two things vary by report.

Some open straight to data; others ask you to pick first

A few reports render immediately because they aggregate across the whole org. Most ask you to choose a campaign, test, course, or group before showing results:

  • Open directly to data: Security Awareness Snapshot and Watchlist.
  • Pick a campaign / test / course / group first: Executive Summary (a campaign), Test Summary (a test), COTM Campaign Report (a campaign), Enrollment Completion (a course), and Phishing Trendline (a group).

If a report needs a selection, its landing screen lists the available options — for example, only campaigns that are linked to PhishingBox appear in the Executive Summary picker, since the metrics come from there.

Export to PDF and email to org users

Every report page has an Export PDF button that downloads the report. Most reports also have an Email button that sends the same PDF straight from the page. When you click Email, Hook opens an Email Report dialog listing the users in the selected organization; you search and check the recipients, then click Send Report. Hook generates the PDF server-side and sends it as an attachment. This is how you'd hand a campaign Executive Summary or a Course Enrollment report to a stakeholder without downloading and forwarding it yourself.

The one exception is the Security Awareness Snapshot: it is export-only, with an Export PDF button but no Email button.

Recipients are limited to the org's users

The email recipient list is the users that belong to the selected organization — you choose from that list rather than typing arbitrary email addresses. To send reports to someone outside the org, add them as a user first.

Email Report dialog showing the org user picker with search, checkboxes, and selected recipients

Where the data comes from

Knowing the source explains why some reports load slower and why a missing integration breaks only part of the catalog:

  • Phishing reports pull live from PhishingBox. Executive Summary, Test Summary, Watchlist, and Phishing Trendline (Group Performance) call the PhishingBox API using the organization's own API key. No key, no data for those reports.
  • The course report comes from Hook's database. Enrollment Completion reads training enrollments and completion directly from Hook, so it works even if PhishingBox isn't configured.
  • The COTM report is built from Hook's own records, with PhishingBox as a bonus. Its content — template preview, educational context, and group participation — comes from the stored Campaign of the Month run. It also tries to add live PhishingBox metrics (click rate, report rate), but gracefully falls back: if the org has no PhishingBox key, the report still loads and simply omits that metrics block.
  • The Security Awareness Snapshot combines both — phishing results plus training completion — into one monthly, client-ready document.

The COTM card only appears when COTM is enabled

The COTM Campaign Report card is hidden unless "Campaign of the Month" is turned on for the selected organization. Hook checks the org's COTM preferences when the page loads; if COTM isn't enabled, the card isn't in the grid. If you expect to see it and don't, COTM is off for that org.

Reports follow the selected org

The whole catalog is scoped to the organization currently chosen in the org switcher. When you switch orgs, the Reports page re-checks COTM and re-fetches data for the new org automatically — you don't need to reload. The data inside each report (campaigns, tests, courses, groups, users) is likewise limited to that org and the client orgs beneath it that you have access to.

Empty grid or 'No reports found'

If filtering leaves nothing, Hook shows a No reports found state — clear the category chips to bring every report back. If a report opens but shows no data, the usual causes are: the selected org has no campaigns or enrollments yet, or (for phishing reports) the org is missing its PhishingBox API key.

On this page