I’m a beginner in scanning so please bear in mind.
So I installed an Openvas virtual machine on Vmware and started scanning an Ubuntu server, also in Vmware. But unfortunately the scan doesn’t show any vulnerabilities like missing patches on application like openssh etc. Only showing log results and one low. Here is the test results - https://imgur.com/a/dSOEixW
Here is my openvas settings - https://imgur.com/a/qVeldET
Thank you to anyone who answers!
PS. All of this is in a test environment and home network
This is Openvas community edition
Standard remote unauthenticated scan might produce not too many results depending on the services exposed.
One thing you can look at is the QoD (Quality of Detection) (see https://docs.greenbone.net/GSM-Manual/gos-4/en/glossary.html#quality-of-detection-qod). The lower you set this value the more results you might get but you might get as well more false-positives as distros like Ubuntu might have backports. So always recheck the results with your actual setup.
If you want a more thorough scan consider to do an authenticated scan (https://docs.greenbone.net/GSM-Manual/gos-4/en/vulnerabilitymanagement.html#running-an-authenticated-scan-using-local-security-checks)