diff --git a/src/afterfact.rs b/src/afterfact.rs
index c1e1e65a..23b678de 100644
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -118,8 +118,10 @@ where
 {
 if configs::CONFIG.read().unwrap().args.is_present("rfc-2822") {
 return time.to_rfc2822();
- } else {
+ } else if configs::CONFIG.read().unwrap().args.is_present("rfc-3339") {
 return time.to_rfc3339();
+ } else {
+ return time.format("%Y-%m-%d %H:%M:%S%.3f %:z").to_string();
 }
 }
 
@@ -169,7 +171,10 @@ fn test_emit_csv() {
 .unwrap();
 let expect_tz = expect_time.with_timezone(&Local);
 let expect = "Time,Filepath,Rulepath,Level,Computername,Eventid,Alert,Details\n".to_string()
- + &expect_tz.clone().format("%Y-%m-%dT%H:%M:%S%:z").to_string()
+ + &expect_tz
+ .clone()
+ .format("%Y-%m-%d %H:%M:%S%.3f %:z")
+ .to_string()
 + ","
 + &testfilepath.replace(".evtx", "").to_string()
 + ","
diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index 6af098d3..f9454f13 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -50,6 +50,7 @@ fn build_app<'a>() -> ArgMatches<'a> {
 let usages = "-f --filepath=[FILEPATH] 'Event file path'
 --csv-timeline=[CSV_TIMELINE] 'Csv output timeline'
 --rfc-2822 'Output date and time in RFC 2822 format. Example: Mon, 07 Aug 2006 12:34:56 -0600'
+ --rfc-3339 'Output date and time in RFC 3339 format. Example: 2006-08-07T12:34:56.485214 -06:00'
 -l --lang=[LANG] 'Output language'
 -L --level=[LEVEL] 'Specified execute rule level(default: INFO)'
 -u --utc 'Output time in UTC format(default: local time)'
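Review bot: The new `else if` branch calls `configs::CONFIG.read().unwrap()` a second time, so the global lock is taken twice per call and each `unwrap()` is a separate panic point if the lock is ever poisoned; bind it once above the chain, `let args = &configs::CONFIG.read().unwrap().args;`, and test `args.is_present("rfc-2822")` / `args.is_present("rfc-3339")` on that binding. The three `return ...;` statements can simply be the values of the `if`/`else if`/`else` expression, which is the idiomatic form here. The default format literal `"%Y-%m-%d %H:%M:%S%.3f %:z"` is repeated verbatim in the `test_emit_csv` hunk below; a shared `const` in afterfact.rs would stop the test expectation and the production path from drifting apart. The enclosing function's signature lies above this hunk, so the exact return type is not visible here.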
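Review bot: The updated expectation only pins the default `else` branch of the formatter; nothing in this change exercises the new `--rfc-3339` path, so a regression in that branch would go unnoticed. Because branch selection reads the global `configs::CONFIG`, a test for it presumably needs that config fixture set up with the flag present, which I cannot confirm from this hunk. The body of `test_emit_csv` continues outside the hunk.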
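Review bot: The help text's example for `--rfc-3339`, `2006-08-07T12:34:56.485214 -06:00`, is not RFC 3339: the standard has no space between the seconds and the UTC offset, and chrono's `to_rfc3339()`, which this flag selects in afterfact.rs, emits none either, so the documented sample will never match real output; change it to `Example: 2006-08-07T12:34:56.485214-06:00`. The flag is also not declared as conflicting with `--rfc-2822`, and the `if`/`else if` order in afterfact.rs means `--rfc-2822` silently wins when both are given; if the app is built from this usage string alone, a `conflicts_with` would need an explicit `Arg`, so at minimum the precedence should be stated in the help text.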