System and methods for improving data movement perimeter monitoring and detecting non-compliant data movement within a computing environment include generating a forwarding configuration associated with activity logs, such as activity logs associated with a test environment. The forwarding configuration includes specific fields and file types or the contents of those specific fields and files that facilitate perimeter monitoring or otherwise determining which activity log data elements are needed by an operational intel tool to reduce the amount of data input or analyzed by the operational intel tool, and thus, to reduce its processing load. The forwarding configuration is input into the operational intel tool. Mainframe data is normalized and analyzed to identify abnormal data flows and to generate electronic alerts to facilitate perimeter monitoring. False positives are identified before the alerts are communicated.